aboutsummaryrefslogtreecommitdiff
path: root/openssl/crypto/dh
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/crypto/dh')
-rw-r--r--openssl/crypto/dh/Makefile50
-rw-r--r--openssl/crypto/dh/dh.h454
-rw-r--r--openssl/crypto/dh/dh_ameth.c1240
-rw-r--r--openssl/crypto/dh/dh_asn1.c138
-rw-r--r--openssl/crypto/dh/dh_check.c165
-rw-r--r--openssl/crypto/dh/dh_depr.c29
-rw-r--r--openssl/crypto/dh/dh_err.c102
-rw-r--r--openssl/crypto/dh/dh_gen.c206
-rwxr-xr-xopenssl/crypto/dh/dh_kdf.c187
-rw-r--r--openssl/crypto/dh/dh_key.c373
-rw-r--r--openssl/crypto/dh/dh_lib.c301
-rw-r--r--openssl/crypto/dh/dh_pmeth.c646
-rw-r--r--openssl/crypto/dh/dh_prn.c37
-rwxr-xr-xopenssl/crypto/dh/dh_rfc5114.c285
-rw-r--r--openssl/crypto/dh/dhtest.c624
-rw-r--r--openssl/crypto/dh/p1024.c62
-rw-r--r--openssl/crypto/dh/p192.c38
-rw-r--r--openssl/crypto/dh/p512.c48
18 files changed, 3408 insertions, 1577 deletions
diff --git a/openssl/crypto/dh/Makefile b/openssl/crypto/dh/Makefile
index f23b4f7fd..f44790782 100644
--- a/openssl/crypto/dh/Makefile
+++ b/openssl/crypto/dh/Makefile
@@ -18,9 +18,9 @@ APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c \
- dh_ameth.c dh_pmeth.c dh_prn.c
+ dh_ameth.c dh_pmeth.c dh_prn.c dh_rfc5114.c dh_kdf.c
LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o \
- dh_ameth.o dh_pmeth.o dh_prn.o
+ dh_ameth.o dh_pmeth.o dh_prn.o dh_rfc5114.o dh_kdf.o
SRC= $(LIBSRC)
@@ -78,13 +78,13 @@ clean:
dh_ameth.o: ../../e_os.h ../../include/openssl/asn1.h
dh_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-dh_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dh_ameth.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
-dh_ameth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-dh_ameth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-dh_ameth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-dh_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-dh_ameth.o: ../../include/openssl/opensslconf.h
+dh_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+dh_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+dh_ameth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+dh_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dh_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dh_ameth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
dh_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
dh_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
dh_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -132,6 +132,19 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
dh_gen.o: ../cryptlib.h dh_gen.c
+dh_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+dh_kdf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+dh_kdf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+dh_kdf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dh_kdf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_kdf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+dh_kdf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+dh_kdf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dh_kdf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+dh_kdf.o: dh_kdf.c
dh_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
@@ -158,11 +171,12 @@ dh_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
dh_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
dh_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
dh_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-dh_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-dh_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-dh_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-dh_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-dh_pmeth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_pmeth.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dh_pmeth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+dh_pmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+dh_pmeth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+dh_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dh_pmeth.o: ../../include/openssl/opensslconf.h
dh_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
dh_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
dh_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -178,3 +192,11 @@ dh_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
dh_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
dh_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
dh_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_prn.c
+dh_rfc5114.o: ../../e_os.h ../../include/openssl/bio.h
+dh_rfc5114.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_rfc5114.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_rfc5114.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_rfc5114.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dh_rfc5114.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_rfc5114.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_rfc5114.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_rfc5114.c
diff --git a/openssl/crypto/dh/dh.h b/openssl/crypto/dh/dh.h
index ea59e610e..0502f1a9c 100644
--- a/openssl/crypto/dh/dh.h
+++ b/openssl/crypto/dh/dh.h
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -57,49 +57,54 @@
*/
#ifndef HEADER_DH_H
-#define HEADER_DH_H
-
-#include <openssl/e_os2.h>
-
-#ifdef OPENSSL_NO_DH
-#error DH is disabled.
-#endif
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
-
-#ifndef OPENSSL_DH_MAX_MODULUS_BITS
-# define OPENSSL_DH_MAX_MODULUS_BITS 10000
-#endif
+# define HEADER_DH_H
+
+# include <openssl/e_os2.h>
+
+# ifdef OPENSSL_NO_DH
+# error DH is disabled.
+# endif
+
+# ifndef OPENSSL_NO_BIO
+# include <openssl/bio.h>
+# endif
+# include <openssl/ossl_typ.h>
+# ifndef OPENSSL_NO_DEPRECATED
+# include <openssl/bn.h>
+# endif
+
+# ifndef OPENSSL_DH_MAX_MODULUS_BITS
+# define OPENSSL_DH_MAX_MODULUS_BITS 10000
+# endif
+
+# define DH_FLAG_CACHE_MONT_P 0x01
+
+/*
+ * new with 0.9.7h; the built-in DH
+ * implementation now uses constant time
+ * modular exponentiation for secret exponents
+ * by default. This flag causes the
+ * faster variable sliding window method to
+ * be used for all exponents.
+ */
+# define DH_FLAG_NO_EXP_CONSTTIME 0x02
-#define DH_FLAG_CACHE_MONT_P 0x01
-#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
- * implementation now uses constant time
- * modular exponentiation for secret exponents
- * by default. This flag causes the
- * faster variable sliding window method to
- * be used for all exponents.
- */
-
-/* If this flag is set the DH method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its reposibility
- * to ensure the result is compliant.
+/*
+ * If this flag is set the DH method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its reposibility to ensure the
+ * result is compliant.
*/
-#define DH_FLAG_FIPS_METHOD 0x0400
+# define DH_FLAG_FIPS_METHOD 0x0400
-/* If this flag is set the operations normally disabled in FIPS mode are
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
* permitted it is then the applications responsibility to ensure that the
* usage is compliant.
*/
-#define DH_FLAG_NON_FIPS_ALLOW 0x0400
+# define DH_FLAG_NON_FIPS_ALLOW 0x0400
#ifdef __cplusplus
extern "C" {
@@ -109,75 +114,79 @@ extern "C" {
/* typedef struct dh_st DH; */
/* typedef struct dh_method DH_METHOD; */
-struct dh_method
- {
- const char *name;
- /* Methods here */
- int (*generate_key)(DH *dh);
- int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh);
- int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx); /* Can be null */
-
- int (*init)(DH *dh);
- int (*finish)(DH *dh);
- int flags;
- char *app_data;
- /* If this is non-NULL, it will be used to generate parameters */
- int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb);
- };
-
-struct dh_st
- {
- /* This first argument is used to pick up errors when
- * a DH is passed instead of a EVP_PKEY */
- int pad;
- int version;
- BIGNUM *p;
- BIGNUM *g;
- long length; /* optional */
- BIGNUM *pub_key; /* g^x */
- BIGNUM *priv_key; /* x */
-
- int flags;
- BN_MONT_CTX *method_mont_p;
- /* Place holders if we want to do X9.42 DH */
- BIGNUM *q;
- BIGNUM *j;
- unsigned char *seed;
- int seedlen;
- BIGNUM *counter;
-
- int references;
- CRYPTO_EX_DATA ex_data;
- const DH_METHOD *meth;
- ENGINE *engine;
- };
-
-#define DH_GENERATOR_2 2
-/* #define DH_GENERATOR_3 3 */
-#define DH_GENERATOR_5 5
+struct dh_method {
+ const char *name;
+ /* Methods here */
+ int (*generate_key) (DH *dh);
+ int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh);
+ /* Can be null */
+ int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+ int (*init) (DH *dh);
+ int (*finish) (DH *dh);
+ int flags;
+ char *app_data;
+ /* If this is non-NULL, it will be used to generate parameters */
+ int (*generate_params) (DH *dh, int prime_len, int generator,
+ BN_GENCB *cb);
+};
+
+struct dh_st {
+ /*
+ * This first argument is used to pick up errors when a DH is passed
+ * instead of a EVP_PKEY
+ */
+ int pad;
+ int version;
+ BIGNUM *p;
+ BIGNUM *g;
+ long length; /* optional */
+ BIGNUM *pub_key; /* g^x */
+ BIGNUM *priv_key; /* x */
+ int flags;
+ BN_MONT_CTX *method_mont_p;
+ /* Place holders if we want to do X9.42 DH */
+ BIGNUM *q;
+ BIGNUM *j;
+ unsigned char *seed;
+ int seedlen;
+ BIGNUM *counter;
+ int references;
+ CRYPTO_EX_DATA ex_data;
+ const DH_METHOD *meth;
+ ENGINE *engine;
+};
+
+# define DH_GENERATOR_2 2
+/* #define DH_GENERATOR_3 3 */
+# define DH_GENERATOR_5 5
/* DH_check error codes */
-#define DH_CHECK_P_NOT_PRIME 0x01
-#define DH_CHECK_P_NOT_SAFE_PRIME 0x02
-#define DH_UNABLE_TO_CHECK_GENERATOR 0x04
-#define DH_NOT_SUITABLE_GENERATOR 0x08
+# define DH_CHECK_P_NOT_PRIME 0x01
+# define DH_CHECK_P_NOT_SAFE_PRIME 0x02
+# define DH_UNABLE_TO_CHECK_GENERATOR 0x04
+# define DH_NOT_SUITABLE_GENERATOR 0x08
+# define DH_CHECK_Q_NOT_PRIME 0x10
+# define DH_CHECK_INVALID_Q_VALUE 0x20
+# define DH_CHECK_INVALID_J_VALUE 0x40
/* DH_check_pub_key error codes */
-#define DH_CHECK_PUBKEY_TOO_SMALL 0x01
-#define DH_CHECK_PUBKEY_TOO_LARGE 0x02
+# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
+# define DH_CHECK_PUBKEY_TOO_LARGE 0x02
-/* primes p where (p-1)/2 is prime too are called "safe"; we define
- this for backward compatibility: */
-#define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
+/*
+ * primes p where (p-1)/2 is prime too are called "safe"; we define this for
+ * backward compatibility:
+ */
+# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
-#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
- (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
-#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
- (unsigned char *)(x))
-#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
-#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
+# define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+ (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
+# define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
+ (unsigned char *)(x))
+# define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
+# define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
DH *DHparams_dup(DH *);
@@ -188,53 +197,150 @@ const DH_METHOD *DH_get_default_method(void);
int DH_set_method(DH *dh, const DH_METHOD *meth);
DH *DH_new_method(ENGINE *engine);
-DH * DH_new(void);
-void DH_free(DH *dh);
-int DH_up_ref(DH *dh);
-int DH_size(const DH *dh);
+DH *DH_new(void);
+void DH_free(DH *dh);
+int DH_up_ref(DH *dh);
+int DH_size(const DH *dh);
int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
int DH_set_ex_data(DH *d, int idx, void *arg);
void *DH_get_ex_data(DH *d, int idx);
/* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
-DH * DH_generate_parameters(int prime_len,int generator,
- void (*callback)(int,int,void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
+# ifndef OPENSSL_NO_DEPRECATED
+DH *DH_generate_parameters(int prime_len, int generator,
+ void (*callback) (int, int, void *), void *cb_arg);
+# endif /* !defined(OPENSSL_NO_DEPRECATED) */
/* New version */
-int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);
-
-int DH_check(const DH *dh,int *codes);
-int DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes);
-int DH_generate_key(DH *dh);
-int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
-DH * d2i_DHparams(DH **a,const unsigned char **pp, long length);
-int i2d_DHparams(const DH *a,unsigned char **pp);
-#ifndef OPENSSL_NO_FP_API
-int DHparams_print_fp(FILE *fp, const DH *x);
-#endif
-#ifndef OPENSSL_NO_BIO
-int DHparams_print(BIO *bp, const DH *x);
-#else
-int DHparams_print(char *bp, const DH *x);
-#endif
-
-#define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
-
-#define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
-
-#define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1)
-#define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2)
-
+int DH_generate_parameters_ex(DH *dh, int prime_len, int generator,
+ BN_GENCB *cb);
+
+int DH_check(const DH *dh, int *codes);
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
+int DH_generate_key(DH *dh);
+int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+DH *d2i_DHparams(DH **a, const unsigned char **pp, long length);
+int i2d_DHparams(const DH *a, unsigned char **pp);
+DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length);
+int i2d_DHxparams(const DH *a, unsigned char **pp);
+# ifndef OPENSSL_NO_FP_API
+int DHparams_print_fp(FILE *fp, const DH *x);
+# endif
+# ifndef OPENSSL_NO_BIO
+int DHparams_print(BIO *bp, const DH *x);
+# else
+int DHparams_print(char *bp, const DH *x);
+# endif
+
+/* RFC 5114 parameters */
+DH *DH_get_1024_160(void);
+DH *DH_get_2048_224(void);
+DH *DH_get_2048_256(void);
+
+/* RFC2631 KDF */
+int DH_KDF_X9_42(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ ASN1_OBJECT *key_oid,
+ const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
+
+# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL)
+
+# define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL)
+
+# define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)oid)
+
+# define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)poid)
+
+# define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)md)
+
+# define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)pmd)
+
+# define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL)
+
+# define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)plen)
+
+# define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)p)
+
+# define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)p)
+
+# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10)
+# define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13)
+# define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14)
+
+/* KDF types */
+# define EVP_PKEY_DH_KDF_NONE 1
+# define EVP_PKEY_DH_KDF_X9_42 2
/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_DH_strings(void);
@@ -242,37 +348,43 @@ void ERR_load_DH_strings(void);
/* Error codes for the DH functions. */
/* Function codes. */
-#define DH_F_COMPUTE_KEY 102
-#define DH_F_DHPARAMS_PRINT_FP 101
-#define DH_F_DH_BUILTIN_GENPARAMS 106
-#define DH_F_DH_COMPUTE_KEY 114
-#define DH_F_DH_GENERATE_KEY 115
-#define DH_F_DH_GENERATE_PARAMETERS_EX 116
-#define DH_F_DH_NEW_METHOD 105
-#define DH_F_DH_PARAM_DECODE 107
-#define DH_F_DH_PRIV_DECODE 110
-#define DH_F_DH_PRIV_ENCODE 111
-#define DH_F_DH_PUB_DECODE 108
-#define DH_F_DH_PUB_ENCODE 109
-#define DH_F_DO_DH_PRINT 100
-#define DH_F_GENERATE_KEY 103
-#define DH_F_GENERATE_PARAMETERS 104
-#define DH_F_PKEY_DH_DERIVE 112
-#define DH_F_PKEY_DH_KEYGEN 113
+# define DH_F_COMPUTE_KEY 102
+# define DH_F_DHPARAMS_PRINT_FP 101
+# define DH_F_DH_BUILTIN_GENPARAMS 106
+# define DH_F_DH_CMS_DECRYPT 117
+# define DH_F_DH_CMS_SET_PEERKEY 118
+# define DH_F_DH_CMS_SET_SHARED_INFO 119
+# define DH_F_DH_COMPUTE_KEY 114
+# define DH_F_DH_GENERATE_KEY 115
+# define DH_F_DH_GENERATE_PARAMETERS_EX 116
+# define DH_F_DH_NEW_METHOD 105
+# define DH_F_DH_PARAM_DECODE 107
+# define DH_F_DH_PRIV_DECODE 110
+# define DH_F_DH_PRIV_ENCODE 111
+# define DH_F_DH_PUB_DECODE 108
+# define DH_F_DH_PUB_ENCODE 109
+# define DH_F_DO_DH_PRINT 100
+# define DH_F_GENERATE_KEY 103
+# define DH_F_GENERATE_PARAMETERS 104
+# define DH_F_PKEY_DH_DERIVE 112
+# define DH_F_PKEY_DH_KEYGEN 113
/* Reason codes. */
-#define DH_R_BAD_GENERATOR 101
-#define DH_R_BN_DECODE_ERROR 109
-#define DH_R_BN_ERROR 106
-#define DH_R_DECODE_ERROR 104
-#define DH_R_INVALID_PUBKEY 102
-#define DH_R_KEYS_NOT_SET 108
-#define DH_R_KEY_SIZE_TOO_SMALL 110
-#define DH_R_MODULUS_TOO_LARGE 103
-#define DH_R_NON_FIPS_METHOD 111
-#define DH_R_NO_PARAMETERS_SET 107
-#define DH_R_NO_PRIVATE_VALUE 100
-#define DH_R_PARAMETER_ENCODING_ERROR 105
+# define DH_R_BAD_GENERATOR 101
+# define DH_R_BN_DECODE_ERROR 109
+# define DH_R_BN_ERROR 106
+# define DH_R_DECODE_ERROR 104
+# define DH_R_INVALID_PUBKEY 102
+# define DH_R_KDF_PARAMETER_ERROR 112
+# define DH_R_KEYS_NOT_SET 108
+# define DH_R_KEY_SIZE_TOO_SMALL 110
+# define DH_R_MODULUS_TOO_LARGE 103
+# define DH_R_NON_FIPS_METHOD 111
+# define DH_R_NO_PARAMETERS_SET 107
+# define DH_R_NO_PRIVATE_VALUE 100
+# define DH_R_PARAMETER_ENCODING_ERROR 105
+# define DH_R_PEER_KEY_ERROR 113
+# define DH_R_SHARED_INFO_ERROR 114
#ifdef __cplusplus
}
diff --git a/openssl/crypto/dh/dh_ameth.c b/openssl/crypto/dh/dh_ameth.c
index 02ec2d47b..a8349e737 100644
--- a/openssl/crypto/dh/dh_ameth.c
+++ b/openssl/crypto/dh/dh_ameth.c
@@ -1,5 +1,6 @@
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2006.
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
@@ -9,7 +10,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -62,440 +63,891 @@
#include <openssl/dh.h>
#include <openssl/bn.h>
#include "asn1_locl.h"
+#ifndef OPENSSL_NO_CMS
+# include <openssl/cms.h>
+#endif
-static void int_dh_free(EVP_PKEY *pkey)
- {
- DH_free(pkey->pkey.dh);
- }
-
-static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
- {
- const unsigned char *p, *pm;
- int pklen, pmlen;
- int ptype;
- void *pval;
- ASN1_STRING *pstr;
- X509_ALGOR *palg;
- ASN1_INTEGER *public_key = NULL;
-
- DH *dh = NULL;
-
- if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
- return 0;
- X509_ALGOR_get0(NULL, &ptype, &pval, palg);
-
- if (ptype != V_ASN1_SEQUENCE)
- {
- DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR);
- goto err;
- }
-
- pstr = pval;
- pm = pstr->data;
- pmlen = pstr->length;
-
- if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
- {
- DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
- goto err;
- }
-
- if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen)))
- {
- DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
- goto err;
- }
-
- /* We have parameters now set public key */
- if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)))
- {
- DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR);
- goto err;
- }
-
- ASN1_INTEGER_free(public_key);
- EVP_PKEY_assign_DH(pkey, dh);
- return 1;
-
- err:
- if (public_key)
- ASN1_INTEGER_free(public_key);
- if (dh)
- DH_free(dh);
- return 0;
-
- }
+extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth;
-static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
- {
- DH *dh;
- void *pval = NULL;
- int ptype;
- unsigned char *penc = NULL;
- int penclen;
- ASN1_STRING *str;
- ASN1_INTEGER *pub_key = NULL;
-
- dh=pkey->pkey.dh;
-
- str = ASN1_STRING_new();
- str->length = i2d_DHparams(dh, &str->data);
- if (str->length <= 0)
- {
- DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- pval = str;
- ptype = V_ASN1_SEQUENCE;
-
- pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
- if (!pub_key)
- goto err;
-
- penclen = i2d_ASN1_INTEGER(pub_key, &penc);
-
- ASN1_INTEGER_free(pub_key);
-
- if (penclen <= 0)
- {
- DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH),
- ptype, pval, penc, penclen))
- return 1;
-
- err:
- if (penc)
- OPENSSL_free(penc);
- if (pval)
- ASN1_STRING_free(pval);
-
- return 0;
- }
-
-
-/* PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in
- * that the AlgorithmIdentifier contains the paramaters, the private key
- * is explcitly included and the pubkey must be recalculated.
+/*
+ * i2d/d2i like DH parameter functions which use the appropriate routine for
+ * PKCS#3 DH or X9.42 DH.
*/
-
-static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
- {
- const unsigned char *p, *pm;
- int pklen, pmlen;
- int ptype;
- void *pval;
- ASN1_STRING *pstr;
- X509_ALGOR *palg;
- ASN1_INTEGER *privkey = NULL;
- DH *dh = NULL;
-
- if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
- return 0;
-
- X509_ALGOR_get0(NULL, &ptype, &pval, palg);
-
- if (ptype != V_ASN1_SEQUENCE)
- goto decerr;
+static DH *d2i_dhp(const EVP_PKEY *pkey, const unsigned char **pp,
+ long length)
+{
+ if (pkey->ameth == &dhx_asn1_meth)
+ return d2i_DHxparams(NULL, pp, length);
+ return d2i_DHparams(NULL, pp, length);
+}
- if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
- goto decerr;
+static int i2d_dhp(const EVP_PKEY *pkey, const DH *a, unsigned char **pp)
+{
+ if (pkey->ameth == &dhx_asn1_meth)
+ return i2d_DHxparams(a, pp);
+ return i2d_DHparams(a, pp);
+}
+static void int_dh_free(EVP_PKEY *pkey)
+{
+ DH_free(pkey->pkey.dh);
+}
- pstr = pval;
- pm = pstr->data;
- pmlen = pstr->length;
- if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
- goto decerr;
- /* We have parameters now set private key */
- if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)))
- {
- DHerr(DH_F_DH_PRIV_DECODE,DH_R_BN_ERROR);
- goto dherr;
- }
- /* Calculate public key */
- if (!DH_generate_key(dh))
- goto dherr;
+static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+{
+ const unsigned char *p, *pm;
+ int pklen, pmlen;
+ int ptype;
+ void *pval;
+ ASN1_STRING *pstr;
+ X509_ALGOR *palg;
+ ASN1_INTEGER *public_key = NULL;
+
+ DH *dh = NULL;
+
+ if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+ return 0;
+ X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+ if (ptype != V_ASN1_SEQUENCE) {
+ DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR);
+ goto err;
+ }
+
+ pstr = pval;
+ pm = pstr->data;
+ pmlen = pstr->length;
+
+ if (!(dh = d2i_dhp(pkey, &pm, pmlen))) {
+ DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
+ goto err;
+ }
+
+ if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, pklen))) {
+ DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
+ goto err;
+ }
+
+ /* We have parameters now set public key */
+ if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
+ DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR);
+ goto err;
+ }
+
+ ASN1_INTEGER_free(public_key);
+ EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
+ return 1;
+
+ err:
+ if (public_key)
+ ASN1_INTEGER_free(public_key);
+ if (dh)
+ DH_free(dh);
+ return 0;
- EVP_PKEY_assign_DH(pkey, dh);
+}
- ASN1_INTEGER_free(privkey);
+static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+{
+ DH *dh;
+ void *pval = NULL;
+ int ptype;
+ unsigned char *penc = NULL;
+ int penclen;
+ ASN1_STRING *str;
+ ASN1_INTEGER *pub_key = NULL;
+
+ dh = pkey->pkey.dh;
+
+ str = ASN1_STRING_new();
+ str->length = i2d_dhp(pkey, dh, &str->data);
+ if (str->length <= 0) {
+ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ pval = str;
+ ptype = V_ASN1_SEQUENCE;
+
+ pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
+ if (!pub_key)
+ goto err;
+
+ penclen = i2d_ASN1_INTEGER(pub_key, &penc);
+
+ ASN1_INTEGER_free(pub_key);
+
+ if (penclen <= 0) {
+ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
+ ptype, pval, penc, penclen))
+ return 1;
+
+ err:
+ if (penc)
+ OPENSSL_free(penc);
+ if (pval)
+ ASN1_STRING_free(pval);
+
+ return 0;
+}
- return 1;
+/*
+ * PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in that
+ * the AlgorithmIdentifier contains the paramaters, the private key is
+ * explcitly included and the pubkey must be recalculated.
+ */
- decerr:
- DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
- dherr:
- DH_free(dh);
- return 0;
- }
+static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
+{
+ const unsigned char *p, *pm;
+ int pklen, pmlen;
+ int ptype;
+ void *pval;
+ ASN1_STRING *pstr;
+ X509_ALGOR *palg;
+ ASN1_INTEGER *privkey = NULL;
+
+ DH *dh = NULL;
+
+ if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
+ return 0;
+
+ X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+ if (ptype != V_ASN1_SEQUENCE)
+ goto decerr;
+
+ if (!(privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)))
+ goto decerr;
+
+ pstr = pval;
+ pm = pstr->data;
+ pmlen = pstr->length;
+ if (!(dh = d2i_dhp(pkey, &pm, pmlen)))
+ goto decerr;
+ /* We have parameters now set private key */
+ if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
+ DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR);
+ goto dherr;
+ }
+ /* Calculate public key */
+ if (!DH_generate_key(dh))
+ goto dherr;
+
+ EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
+
+ ASN1_INTEGER_free(privkey);
+
+ return 1;
+
+ decerr:
+ DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
+ dherr:
+ DH_free(dh);
+ return 0;
+}
static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
{
- ASN1_STRING *params = NULL;
- ASN1_INTEGER *prkey = NULL;
- unsigned char *dp = NULL;
- int dplen;
-
- params = ASN1_STRING_new();
-
- if (!params)
- {
- DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- params->length = i2d_DHparams(pkey->pkey.dh, &params->data);
- if (params->length <= 0)
- {
- DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- params->type = V_ASN1_SEQUENCE;
-
- /* Get private key into integer */
- prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);
-
- if (!prkey)
- {
- DHerr(DH_F_DH_PRIV_ENCODE,DH_R_BN_ERROR);
- goto err;
- }
-
- dplen = i2d_ASN1_INTEGER(prkey, &dp);
-
- ASN1_INTEGER_free(prkey);
-
- if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0,
- V_ASN1_SEQUENCE, params, dp, dplen))
- goto err;
-
- return 1;
-
-err:
- if (dp != NULL)
- OPENSSL_free(dp);
- if (params != NULL)
- ASN1_STRING_free(params);
- if (prkey != NULL)
- ASN1_INTEGER_free(prkey);
- return 0;
+ ASN1_STRING *params = NULL;
+ ASN1_INTEGER *prkey = NULL;
+ unsigned char *dp = NULL;
+ int dplen;
+
+ params = ASN1_STRING_new();
+
+ if (!params) {
+ DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ params->length = i2d_dhp(pkey, pkey->pkey.dh, &params->data);
+ if (params->length <= 0) {
+ DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ params->type = V_ASN1_SEQUENCE;
+
+ /* Get private key into integer */
+ prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);
+
+ if (!prkey) {
+ DHerr(DH_F_DH_PRIV_ENCODE, DH_R_BN_ERROR);
+ goto err;
+ }
+
+ dplen = i2d_ASN1_INTEGER(prkey, &dp);
+
+ ASN1_INTEGER_free(prkey);
+
+ if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
+ V_ASN1_SEQUENCE, params, dp, dplen))
+ goto err;
+
+ return 1;
+
+ err:
+ if (dp != NULL)
+ OPENSSL_free(dp);
+ if (params != NULL)
+ ASN1_STRING_free(params);
+ if (prkey != NULL)
+ ASN1_INTEGER_free(prkey);
+ return 0;
}
-
static void update_buflen(const BIGNUM *b, size_t *pbuflen)
- {
- size_t i;
- if (!b)
- return;
- if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
- *pbuflen = i;
- }
+{
+ size_t i;
+ if (!b)
+ return;
+ if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
+ *pbuflen = i;
+}
static int dh_param_decode(EVP_PKEY *pkey,
- const unsigned char **pder, int derlen)
- {
- DH *dh;
- if (!(dh = d2i_DHparams(NULL, pder, derlen)))
- {
- DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB);
- return 0;
- }
- EVP_PKEY_assign_DH(pkey, dh);
- return 1;
- }
+ const unsigned char **pder, int derlen)
+{
+ DH *dh;
+ if (!(dh = d2i_dhp(pkey, pder, derlen))) {
+ DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB);
+ return 0;
+ }
+ EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
+ return 1;
+}
static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
- {
- return i2d_DHparams(pkey->pkey.dh, pder);
- }
+{
+ return i2d_dhp(pkey, pkey->pkey.dh, pder);
+}
static int do_dh_print(BIO *bp, const DH *x, int indent,
- ASN1_PCTX *ctx, int ptype)
- {
- unsigned char *m=NULL;
- int reason=ERR_R_BUF_LIB,ret=0;
- size_t buf_len=0;
-
- const char *ktype = NULL;
-
- BIGNUM *priv_key, *pub_key;
-
- if (ptype == 2)
- priv_key = x->priv_key;
- else
- priv_key = NULL;
-
- if (ptype > 0)
- pub_key = x->pub_key;
- else
- pub_key = NULL;
-
- update_buflen(x->p, &buf_len);
-
- if (buf_len == 0)
- {
- reason = ERR_R_PASSED_NULL_PARAMETER;
- goto err;
- }
-
- update_buflen(x->g, &buf_len);
- update_buflen(pub_key, &buf_len);
- update_buflen(priv_key, &buf_len);
-
- if (ptype == 2)
- ktype = "PKCS#3 DH Private-Key";
- else if (ptype == 1)
- ktype = "PKCS#3 DH Public-Key";
- else
- ktype = "PKCS#3 DH Parameters";
-
- m= OPENSSL_malloc(buf_len+10);
- if (m == NULL)
- {
- reason=ERR_R_MALLOC_FAILURE;
- goto err;
- }
-
- BIO_indent(bp, indent, 128);
- if (BIO_printf(bp,"%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0)
- goto err;
- indent += 4;
-
- if (!ASN1_bn_print(bp,"private-key:",priv_key,m,indent)) goto err;
- if (!ASN1_bn_print(bp,"public-key:",pub_key,m,indent)) goto err;
-
- if (!ASN1_bn_print(bp,"prime:",x->p,m,indent)) goto err;
- if (!ASN1_bn_print(bp,"generator:",x->g,m,indent)) goto err;
- if (x->length != 0)
- {
- BIO_indent(bp, indent, 128);
- if (BIO_printf(bp,"recommended-private-length: %d bits\n",
- (int)x->length) <= 0) goto err;
- }
-
-
- ret=1;
- if (0)
- {
-err:
- DHerr(DH_F_DO_DH_PRINT,reason);
- }
- if (m != NULL) OPENSSL_free(m);
- return(ret);
- }
+ ASN1_PCTX *ctx, int ptype)
+{
+ unsigned char *m = NULL;
+ int reason = ERR_R_BUF_LIB, ret = 0;
+ size_t buf_len = 0;
+
+ const char *ktype = NULL;
+
+ BIGNUM *priv_key, *pub_key;
+
+ if (ptype == 2)
+ priv_key = x->priv_key;
+ else
+ priv_key = NULL;
+
+ if (ptype > 0)
+ pub_key = x->pub_key;
+ else
+ pub_key = NULL;
+
+ update_buflen(x->p, &buf_len);
+
+ if (buf_len == 0) {
+ reason = ERR_R_PASSED_NULL_PARAMETER;
+ goto err;
+ }
+
+ update_buflen(x->g, &buf_len);
+ update_buflen(x->q, &buf_len);
+ update_buflen(x->j, &buf_len);
+ update_buflen(x->counter, &buf_len);
+ update_buflen(pub_key, &buf_len);
+ update_buflen(priv_key, &buf_len);
+
+ if (ptype == 2)
+ ktype = "DH Private-Key";
+ else if (ptype == 1)
+ ktype = "DH Public-Key";
+ else
+ ktype = "DH Parameters";
+
+ m = OPENSSL_malloc(buf_len + 10);
+ if (m == NULL) {
+ reason = ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+
+ BIO_indent(bp, indent, 128);
+ if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0)
+ goto err;
+ indent += 4;
+
+ if (!ASN1_bn_print(bp, "private-key:", priv_key, m, indent))
+ goto err;
+ if (!ASN1_bn_print(bp, "public-key:", pub_key, m, indent))
+ goto err;
+
+ if (!ASN1_bn_print(bp, "prime:", x->p, m, indent))
+ goto err;
+ if (!ASN1_bn_print(bp, "generator:", x->g, m, indent))
+ goto err;
+ if (x->q && !ASN1_bn_print(bp, "subgroup order:", x->q, m, indent))
+ goto err;
+ if (x->j && !ASN1_bn_print(bp, "subgroup factor:", x->j, m, indent))
+ goto err;
+ if (x->seed) {
+ int i;
+ BIO_indent(bp, indent, 128);
+ BIO_puts(bp, "seed:");
+ for (i = 0; i < x->seedlen; i++) {
+ if ((i % 15) == 0) {
+ if (BIO_puts(bp, "\n") <= 0
+ || !BIO_indent(bp, indent + 4, 128))
+ goto err;
+ }
+ if (BIO_printf(bp, "%02x%s", x->seed[i],
+ ((i + 1) == x->seedlen) ? "" : ":") <= 0)
+ goto err;
+ }
+ if (BIO_write(bp, "\n", 1) <= 0)
+ return (0);
+ }
+ if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, m, indent))
+ goto err;
+ if (x->length != 0) {
+ BIO_indent(bp, indent, 128);
+ if (BIO_printf(bp, "recommended-private-length: %d bits\n",
+ (int)x->length) <= 0)
+ goto err;
+ }
+
+ ret = 1;
+ if (0) {
+ err:
+ DHerr(DH_F_DO_DH_PRINT, reason);
+ }
+ if (m != NULL)
+ OPENSSL_free(m);
+ return (ret);
+}
static int int_dh_size(const EVP_PKEY *pkey)
- {
- return(DH_size(pkey->pkey.dh));
- }
+{
+ return (DH_size(pkey->pkey.dh));
+}
static int dh_bits(const EVP_PKEY *pkey)
- {
- return BN_num_bits(pkey->pkey.dh->p);
- }
+{
+ return BN_num_bits(pkey->pkey.dh->p);
+}
static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
- {
- if ( BN_cmp(a->pkey.dh->p,b->pkey.dh->p) ||
- BN_cmp(a->pkey.dh->g,b->pkey.dh->g))
- return 0;
- else
- return 1;
- }
+{
+ if (BN_cmp(a->pkey.dh->p, b->pkey.dh->p) ||
+ BN_cmp(a->pkey.dh->g, b->pkey.dh->g))
+ return 0;
+ else if (a->ameth == &dhx_asn1_meth) {
+ if (BN_cmp(a->pkey.dh->q, b->pkey.dh->q))
+ return 0;
+ }
+ return 1;
+}
-static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
- {
- BIGNUM *a;
+static int int_dh_bn_cpy(BIGNUM **dst, const BIGNUM *src)
+{
+ BIGNUM *a;
+ if (src) {
+ a = BN_dup(src);
+ if (!a)
+ return 0;
+ } else
+ a = NULL;
+ if (*dst)
+ BN_free(*dst);
+ *dst = a;
+ return 1;
+}
- if ((a=BN_dup(from->pkey.dh->p)) == NULL)
- return 0;
- if (to->pkey.dh->p != NULL)
- BN_free(to->pkey.dh->p);
- to->pkey.dh->p=a;
+static int int_dh_param_copy(DH *to, const DH *from, int is_x942)
+{
+ if (is_x942 == -1)
+ is_x942 = ! !from->q;
+ if (!int_dh_bn_cpy(&to->p, from->p))
+ return 0;
+ if (!int_dh_bn_cpy(&to->g, from->g))
+ return 0;
+ if (is_x942) {
+ if (!int_dh_bn_cpy(&to->q, from->q))
+ return 0;
+ if (!int_dh_bn_cpy(&to->j, from->j))
+ return 0;
+ if (to->seed) {
+ OPENSSL_free(to->seed);
+ to->seed = NULL;
+ to->seedlen = 0;
+ }
+ if (from->seed) {
+ to->seed = BUF_memdup(from->seed, from->seedlen);
+ if (!to->seed)
+ return 0;
+ to->seedlen = from->seedlen;
+ }
+ } else
+ to->length = from->length;
+ return 1;
+}
- if ((a=BN_dup(from->pkey.dh->g)) == NULL)
- return 0;
- if (to->pkey.dh->g != NULL)
- BN_free(to->pkey.dh->g);
- to->pkey.dh->g=a;
+DH *DHparams_dup(DH *dh)
+{
+ DH *ret;
+ ret = DH_new();
+ if (!ret)
+ return NULL;
+ if (!int_dh_param_copy(ret, dh, -1)) {
+ DH_free(ret);
+ return NULL;
+ }
+ return ret;
+}
- return 1;
- }
+static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+{
+ return int_dh_param_copy(to->pkey.dh, from->pkey.dh,
+ from->ameth == &dhx_asn1_meth);
+}
static int dh_missing_parameters(const EVP_PKEY *a)
- {
- if (!a->pkey.dh->p || !a->pkey.dh->g)
- return 1;
- return 0;
- }
+{
+ if (!a->pkey.dh->p || !a->pkey.dh->g)
+ return 1;
+ return 0;
+}
static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
- {
- if (dh_cmp_parameters(a, b) == 0)
- return 0;
- if (BN_cmp(b->pkey.dh->pub_key,a->pkey.dh->pub_key) != 0)
- return 0;
- else
- return 1;
- }
+{
+ if (dh_cmp_parameters(a, b) == 0)
+ return 0;
+ if (BN_cmp(b->pkey.dh->pub_key, a->pkey.dh->pub_key) != 0)
+ return 0;
+ else
+ return 1;
+}
static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *ctx)
- {
- return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0);
- }
+ ASN1_PCTX *ctx)
+{
+ return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0);
+}
static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *ctx)
- {
- return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1);
- }
+ ASN1_PCTX *ctx)
+{
+ return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1);
+}
static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *ctx)
- {
- return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2);
- }
+ ASN1_PCTX *ctx)
+{
+ return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2);
+}
int DHparams_print(BIO *bp, const DH *x)
- {
- return do_dh_print(bp, x, 4, NULL, 0);
- }
-
-const EVP_PKEY_ASN1_METHOD dh_asn1_meth =
- {
- EVP_PKEY_DH,
- EVP_PKEY_DH,
- 0,
-
- "DH",
- "OpenSSL PKCS#3 DH method",
-
- dh_pub_decode,
- dh_pub_encode,
- dh_pub_cmp,
- dh_public_print,
-
- dh_priv_decode,
- dh_priv_encode,
- dh_private_print,
-
- int_dh_size,
- dh_bits,
-
- dh_param_decode,
- dh_param_encode,
- dh_missing_parameters,
- dh_copy_parameters,
- dh_cmp_parameters,
- dh_param_print,
- 0,
-
- int_dh_free,
- 0
- };
+{
+ return do_dh_print(bp, x, 4, NULL, 0);
+}
+
+#ifndef OPENSSL_NO_CMS
+static int dh_cms_decrypt(CMS_RecipientInfo *ri);
+static int dh_cms_encrypt(CMS_RecipientInfo *ri);
+#endif
+
+static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+ switch (op) {
+#ifndef OPENSSL_NO_CMS
+
+ case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+ if (arg1 == 1)
+ return dh_cms_decrypt(arg2);
+ else if (arg1 == 0)
+ return dh_cms_encrypt(arg2);
+ return -2;
+
+ case ASN1_PKEY_CTRL_CMS_RI_TYPE:
+ *(int *)arg2 = CMS_RECIPINFO_AGREE;
+ return 1;
+#endif
+ default:
+ return -2;
+ }
+
+}
+
+const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
+ EVP_PKEY_DH,
+ EVP_PKEY_DH,
+ 0,
+
+ "DH",
+ "OpenSSL PKCS#3 DH method",
+
+ dh_pub_decode,
+ dh_pub_encode,
+ dh_pub_cmp,
+ dh_public_print,
+
+ dh_priv_decode,
+ dh_priv_encode,
+ dh_private_print,
+
+ int_dh_size,
+ dh_bits,
+
+ dh_param_decode,
+ dh_param_encode,
+ dh_missing_parameters,
+ dh_copy_parameters,
+ dh_cmp_parameters,
+ dh_param_print,
+ 0,
+
+ int_dh_free,
+ 0
+};
+
+const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = {
+ EVP_PKEY_DHX,
+ EVP_PKEY_DHX,
+ 0,
+
+ "X9.42 DH",
+ "OpenSSL X9.42 DH method",
+
+ dh_pub_decode,
+ dh_pub_encode,
+ dh_pub_cmp,
+ dh_public_print,
+
+ dh_priv_decode,
+ dh_priv_encode,
+ dh_private_print,
+
+ int_dh_size,
+ dh_bits,
+
+ dh_param_decode,
+ dh_param_encode,
+ dh_missing_parameters,
+ dh_copy_parameters,
+ dh_cmp_parameters,
+ dh_param_print,
+ 0,
+
+ int_dh_free,
+ dh_pkey_ctrl
+};
+
+#ifndef OPENSSL_NO_CMS
+
+static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
+ X509_ALGOR *alg, ASN1_BIT_STRING *pubkey)
+{
+ ASN1_OBJECT *aoid;
+ int atype;
+ void *aval;
+ ASN1_INTEGER *public_key = NULL;
+ int rv = 0;
+ EVP_PKEY *pkpeer = NULL, *pk = NULL;
+ DH *dhpeer = NULL;
+ const unsigned char *p;
+ int plen;
+
+ X509_ALGOR_get0(&aoid, &atype, &aval, alg);
+ if (OBJ_obj2nid(aoid) != NID_dhpublicnumber)
+ goto err;
+ /* Only absent parameters allowed in RFC XXXX */
+ if (atype != V_ASN1_UNDEF && atype == V_ASN1_NULL)
+ goto err;
+
+ pk = EVP_PKEY_CTX_get0_pkey(pctx);
+ if (!pk)
+ goto err;
+ if (pk->type != EVP_PKEY_DHX)
+ goto err;
+ /* Get parameters from parent key */
+ dhpeer = DHparams_dup(pk->pkey.dh);
+ /* We have parameters now set public key */
+ plen = ASN1_STRING_length(pubkey);
+ p = ASN1_STRING_data(pubkey);
+ if (!p || !plen)
+ goto err;
+
+ if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, plen))) {
+ DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_DECODE_ERROR);
+ goto err;
+ }
+
+ /* We have parameters now set public key */
+ if (!(dhpeer->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
+ DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_BN_DECODE_ERROR);
+ goto err;
+ }
+
+ pkpeer = EVP_PKEY_new();
+ if (!pkpeer)
+ goto err;
+ EVP_PKEY_assign(pkpeer, pk->ameth->pkey_id, dhpeer);
+ dhpeer = NULL;
+ if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)
+ rv = 1;
+ err:
+ if (public_key)
+ ASN1_INTEGER_free(public_key);
+ if (pkpeer)
+ EVP_PKEY_free(pkpeer);
+ if (dhpeer)
+ DH_free(dhpeer);
+ return rv;
+}
+
+static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
+{
+ int rv = 0;
+
+ X509_ALGOR *alg, *kekalg = NULL;
+ ASN1_OCTET_STRING *ukm;
+ const unsigned char *p;
+ unsigned char *dukm = NULL;
+ size_t dukmlen = 0;
+ int keylen, plen;
+ const EVP_CIPHER *kekcipher;
+ EVP_CIPHER_CTX *kekctx;
+
+ if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
+ goto err;
+
+ /*
+ * For DH we only have one OID permissible. If ever any more get defined
+ * we will need something cleverer.
+ */
+ if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH) {
+ DHerr(DH_F_DH_CMS_SET_SHARED_INFO, DH_R_KDF_PARAMETER_ERROR);
+ goto err;
+ }
+
+ if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, EVP_PKEY_DH_KDF_X9_42) <= 0)
+ goto err;
+
+ if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0)
+ goto err;
+
+ if (alg->parameter->type != V_ASN1_SEQUENCE)
+ goto err;
+
+ p = alg->parameter->value.sequence->data;
+ plen = alg->parameter->value.sequence->length;
+ kekalg = d2i_X509_ALGOR(NULL, &p, plen);
+ if (!kekalg)
+ goto err;
+ kekctx = CMS_RecipientInfo_kari_get0_ctx(ri);
+ if (!kekctx)
+ goto err;
+ kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
+ if (!kekcipher || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
+ goto err;
+ if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL))
+ goto err;
+ if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0)
+ goto err;
+
+ keylen = EVP_CIPHER_CTX_key_length(kekctx);
+ if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0)
+ goto err;
+ /* Use OBJ_nid2obj to ensure we use built in OID that isn't freed */
+ if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx,
+ OBJ_nid2obj(EVP_CIPHER_type(kekcipher)))
+ <= 0)
+ goto err;
+
+ if (ukm) {
+ dukmlen = ASN1_STRING_length(ukm);
+ dukm = BUF_memdup(ASN1_STRING_data(ukm), dukmlen);
+ if (!dukm)
+ goto err;
+ }
+
+ if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0)
+ goto err;
+ dukm = NULL;
+
+ rv = 1;
+ err:
+ if (kekalg)
+ X509_ALGOR_free(kekalg);
+ if (dukm)
+ OPENSSL_free(dukm);
+ return rv;
+}
+
+static int dh_cms_decrypt(CMS_RecipientInfo *ri)
+{
+ EVP_PKEY_CTX *pctx;
+ pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+ if (!pctx)
+ return 0;
+ /* See if we need to set peer key */
+ if (!EVP_PKEY_CTX_get0_peerkey(pctx)) {
+ X509_ALGOR *alg;
+ ASN1_BIT_STRING *pubkey;
+ if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &alg, &pubkey,
+ NULL, NULL, NULL))
+ return 0;
+ if (!alg || !pubkey)
+ return 0;
+ if (!dh_cms_set_peerkey(pctx, alg, pubkey)) {
+ DHerr(DH_F_DH_CMS_DECRYPT, DH_R_PEER_KEY_ERROR);
+ return 0;
+ }
+ }
+ /* Set DH derivation parameters and initialise unwrap context */
+ if (!dh_cms_set_shared_info(pctx, ri)) {
+ DHerr(DH_F_DH_CMS_DECRYPT, DH_R_SHARED_INFO_ERROR);
+ return 0;
+ }
+ return 1;
+}
+
+static int dh_cms_encrypt(CMS_RecipientInfo *ri)
+{
+ EVP_PKEY_CTX *pctx;
+ EVP_PKEY *pkey;
+ EVP_CIPHER_CTX *ctx;
+ int keylen;
+ X509_ALGOR *talg, *wrap_alg = NULL;
+ ASN1_OBJECT *aoid;
+ ASN1_BIT_STRING *pubkey;
+ ASN1_STRING *wrap_str;
+ ASN1_OCTET_STRING *ukm;
+ unsigned char *penc = NULL, *dukm = NULL;
+ int penclen;
+ size_t dukmlen = 0;
+ int rv = 0;
+ int kdf_type, wrap_nid;
+ const EVP_MD *kdf_md;
+ pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+ if (!pctx)
+ return 0;
+ /* Get ephemeral key */
+ pkey = EVP_PKEY_CTX_get0_pkey(pctx);
+ if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey,
+ NULL, NULL, NULL))
+ goto err;
+ X509_ALGOR_get0(&aoid, NULL, NULL, talg);
+ /* Is everything uninitialised? */
+ if (aoid == OBJ_nid2obj(NID_undef)) {
+ ASN1_INTEGER *pubk;
+ pubk = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL);
+ if (!pubk)
+ goto err;
+ /* Set the key */
+
+ penclen = i2d_ASN1_INTEGER(pubk, &penc);
+ ASN1_INTEGER_free(pubk);
+ if (penclen <= 0)
+ goto err;
+ ASN1_STRING_set0(pubkey, penc, penclen);
+ pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+ pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+
+ penc = NULL;
+ X509_ALGOR_set0(talg, OBJ_nid2obj(NID_dhpublicnumber),
+ V_ASN1_UNDEF, NULL);
+ }
+
+ /* See if custom paraneters set */
+ kdf_type = EVP_PKEY_CTX_get_dh_kdf_type(pctx);
+ if (kdf_type <= 0)
+ goto err;
+ if (!EVP_PKEY_CTX_get_dh_kdf_md(pctx, &kdf_md))
+ goto err;
+
+ if (kdf_type == EVP_PKEY_DH_KDF_NONE) {
+ kdf_type = EVP_PKEY_DH_KDF_X9_42;
+ if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, kdf_type) <= 0)
+ goto err;
+ } else if (kdf_type != EVP_PKEY_DH_KDF_X9_42)
+ /* Unknown KDF */
+ goto err;
+ if (kdf_md == NULL) {
+ /* Only SHA1 supported */
+ kdf_md = EVP_sha1();
+ if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, kdf_md) <= 0)
+ goto err;
+ } else if (EVP_MD_type(kdf_md) != NID_sha1)
+ /* Unsupported digest */
+ goto err;
+
+ if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm))
+ goto err;
+
+ /* Get wrap NID */
+ ctx = CMS_RecipientInfo_kari_get0_ctx(ri);
+ wrap_nid = EVP_CIPHER_CTX_type(ctx);
+ if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, OBJ_nid2obj(wrap_nid)) <= 0)
+ goto err;
+ keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+ /* Package wrap algorithm in an AlgorithmIdentifier */
+
+ wrap_alg = X509_ALGOR_new();
+ if (!wrap_alg)
+ goto err;
+ wrap_alg->algorithm = OBJ_nid2obj(wrap_nid);
+ wrap_alg->parameter = ASN1_TYPE_new();
+ if (!wrap_alg->parameter)
+ goto err;
+ if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0)
+ goto err;
+ if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) {
+ ASN1_TYPE_free(wrap_alg->parameter);
+ wrap_alg->parameter = NULL;
+ }
+
+ if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0)
+ goto err;
+
+ if (ukm) {
+ dukmlen = ASN1_STRING_length(ukm);
+ dukm = BUF_memdup(ASN1_STRING_data(ukm), dukmlen);
+ if (!dukm)
+ goto err;
+ }
+
+ if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0)
+ goto err;
+ dukm = NULL;
+
+ /*
+ * Now need to wrap encoding of wrap AlgorithmIdentifier into parameter
+ * of another AlgorithmIdentifier.
+ */
+ penc = NULL;
+ penclen = i2d_X509_ALGOR(wrap_alg, &penc);
+ if (!penc || !penclen)
+ goto err;
+ wrap_str = ASN1_STRING_new();
+ if (!wrap_str)
+ goto err;
+ ASN1_STRING_set0(wrap_str, penc, penclen);
+ penc = NULL;
+ X509_ALGOR_set0(talg, OBJ_nid2obj(NID_id_smime_alg_ESDH),
+ V_ASN1_SEQUENCE, wrap_str);
+
+ rv = 1;
+
+ err:
+ if (penc)
+ OPENSSL_free(penc);
+ if (wrap_alg)
+ X509_ALGOR_free(wrap_alg);
+ return rv;
+}
+#endif
diff --git a/openssl/crypto/dh/dh_asn1.c b/openssl/crypto/dh/dh_asn1.c
index 0b4357d60..f47021439 100644
--- a/openssl/crypto/dh/dh_asn1.c
+++ b/openssl/crypto/dh/dh_asn1.c
@@ -1,6 +1,7 @@
/* dh_asn1.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2000.
*/
/* ====================================================================
* Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -65,29 +66,124 @@
/* Override the default free and new methods */
static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
- void *exarg)
+ void *exarg)
{
- if(operation == ASN1_OP_NEW_PRE) {
- *pval = (ASN1_VALUE *)DH_new();
- if(*pval) return 2;
- return 0;
- } else if(operation == ASN1_OP_FREE_PRE) {
- DH_free((DH *)*pval);
- *pval = NULL;
- return 2;
- }
- return 1;
+ if (operation == ASN1_OP_NEW_PRE) {
+ *pval = (ASN1_VALUE *)DH_new();
+ if (*pval)
+ return 2;
+ return 0;
+ } else if (operation == ASN1_OP_FREE_PRE) {
+ DH_free((DH *)*pval);
+ *pval = NULL;
+ return 2;
+ }
+ return 1;
}
ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
- ASN1_SIMPLE(DH, p, BIGNUM),
- ASN1_SIMPLE(DH, g, BIGNUM),
- ASN1_OPT(DH, length, ZLONG),
+ ASN1_SIMPLE(DH, p, BIGNUM),
+ ASN1_SIMPLE(DH, g, BIGNUM),
+ ASN1_OPT(DH, length, ZLONG),
} ASN1_SEQUENCE_END_cb(DH, DHparams)
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
-DH *DHparams_dup(DH *dh)
- {
- return ASN1_item_dup(ASN1_ITEM_rptr(DHparams), dh);
- }
+/*
+ * Internal only structures for handling X9.42 DH: this gets translated to or
+ * from a DH structure straight away.
+ */
+
+typedef struct {
+ ASN1_BIT_STRING *seed;
+ BIGNUM *counter;
+} int_dhvparams;
+
+typedef struct {
+ BIGNUM *p;
+ BIGNUM *q;
+ BIGNUM *g;
+ BIGNUM *j;
+ int_dhvparams *vparams;
+} int_dhx942_dh;
+
+ASN1_SEQUENCE(DHvparams) = {
+ ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING),
+ ASN1_SIMPLE(int_dhvparams, counter, BIGNUM)
+} ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams)
+
+ASN1_SEQUENCE(DHxparams) = {
+ ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM),
+ ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM),
+ ASN1_SIMPLE(int_dhx942_dh, q, BIGNUM),
+ ASN1_OPT(int_dhx942_dh, j, BIGNUM),
+ ASN1_OPT(int_dhx942_dh, vparams, DHvparams),
+} ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams)
+
+int_dhx942_dh *d2i_int_dhx(int_dhx942_dh **a,
+ const unsigned char **pp, long length);
+int i2d_int_dhx(const int_dhx942_dh *a, unsigned char **pp);
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(int_dhx942_dh, DHxparams, int_dhx)
+
+/* Application leve function: read in X9.42 DH parameters into DH structure */
+
+DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length)
+{
+ int_dhx942_dh *dhx = NULL;
+ DH *dh = NULL;
+ dh = DH_new();
+ if (!dh)
+ return NULL;
+ dhx = d2i_int_dhx(NULL, pp, length);
+ if (!dhx) {
+ DH_free(dh);
+ return NULL;
+ }
+
+ if (a) {
+ if (*a)
+ DH_free(*a);
+ *a = dh;
+ }
+
+ dh->p = dhx->p;
+ dh->q = dhx->q;
+ dh->g = dhx->g;
+ dh->j = dhx->j;
+
+ if (dhx->vparams) {
+ dh->seed = dhx->vparams->seed->data;
+ dh->seedlen = dhx->vparams->seed->length;
+ dh->counter = dhx->vparams->counter;
+ dhx->vparams->seed->data = NULL;
+ ASN1_BIT_STRING_free(dhx->vparams->seed);
+ OPENSSL_free(dhx->vparams);
+ dhx->vparams = NULL;
+ }
+
+ OPENSSL_free(dhx);
+ return dh;
+}
+
+int i2d_DHxparams(const DH *dh, unsigned char **pp)
+{
+ int_dhx942_dh dhx;
+ int_dhvparams dhv;
+ ASN1_BIT_STRING bs;
+ dhx.p = dh->p;
+ dhx.g = dh->g;
+ dhx.q = dh->q;
+ dhx.j = dh->j;
+ if (dh->counter && dh->seed && dh->seedlen > 0) {
+ bs.flags = ASN1_STRING_FLAG_BITS_LEFT;
+ bs.data = dh->seed;
+ bs.length = dh->seedlen;
+ dhv.seed = &bs;
+ dhv.counter = dh->counter;
+ dhx.vparams = &dhv;
+ } else
+ dhx.vparams = NULL;
+
+ return i2d_int_dhx(&dhx, pp);
+}
diff --git a/openssl/crypto/dh/dh_check.c b/openssl/crypto/dh/dh_check.c
index 066898174..347467c6a 100644
--- a/openssl/crypto/dh/dh_check.c
+++ b/openssl/crypto/dh/dh_check.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -61,7 +61,8 @@
#include <openssl/bn.h>
#include <openssl/dh.h>
-/* Check that p is a safe prime and
+/*-
+ * Check that p is a safe prime and
* if g is 2, 3 or 5, check that it is a suitable generator
* where
* for 2, p mod 24 == 11
@@ -71,72 +72,102 @@
*/
int DH_check(const DH *dh, int *ret)
- {
- int ok=0;
- BN_CTX *ctx=NULL;
- BN_ULONG l;
- BIGNUM *q=NULL;
+{
+ int ok = 0;
+ BN_CTX *ctx = NULL;
+ BN_ULONG l;
+ BIGNUM *t1 = NULL, *t2 = NULL;
+
+ *ret = 0;
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ t1 = BN_CTX_get(ctx);
+ if (t1 == NULL)
+ goto err;
+ t2 = BN_CTX_get(ctx);
+ if (t2 == NULL)
+ goto err;
- *ret=0;
- ctx=BN_CTX_new();
- if (ctx == NULL) goto err;
- q=BN_new();
- if (q == NULL) goto err;
+ if (dh->q) {
+ if (BN_cmp(dh->g, BN_value_one()) <= 0)
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ else if (BN_cmp(dh->g, dh->p) >= 0)
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ else {
+ /* Check g^q == 1 mod p */
+ if (!BN_mod_exp(t1, dh->g, dh->q, dh->p, ctx))
+ goto err;
+ if (!BN_is_one(t1))
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ }
+ if (!BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL))
+ *ret |= DH_CHECK_Q_NOT_PRIME;
+ /* Check p == 1 mod q i.e. q divides p - 1 */
+ if (!BN_div(t1, t2, dh->p, dh->q, ctx))
+ goto err;
+ if (!BN_is_one(t2))
+ *ret |= DH_CHECK_INVALID_Q_VALUE;
+ if (dh->j && BN_cmp(dh->j, t1))
+ *ret |= DH_CHECK_INVALID_J_VALUE;
- if (BN_is_word(dh->g,DH_GENERATOR_2))
- {
- l=BN_mod_word(dh->p,24);
- if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
- }
+ } else if (BN_is_word(dh->g, DH_GENERATOR_2)) {
+ l = BN_mod_word(dh->p, 24);
+ if (l != 11)
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ }
#if 0
- else if (BN_is_word(dh->g,DH_GENERATOR_3))
- {
- l=BN_mod_word(dh->p,12);
- if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
- }
+ else if (BN_is_word(dh->g, DH_GENERATOR_3)) {
+ l = BN_mod_word(dh->p, 12);
+ if (l != 5)
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ }
#endif
- else if (BN_is_word(dh->g,DH_GENERATOR_5))
- {
- l=BN_mod_word(dh->p,10);
- if ((l != 3) && (l != 7))
- *ret|=DH_NOT_SUITABLE_GENERATOR;
- }
- else
- *ret|=DH_UNABLE_TO_CHECK_GENERATOR;
+ else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
+ l = BN_mod_word(dh->p, 10);
+ if ((l != 3) && (l != 7))
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ } else
+ *ret |= DH_UNABLE_TO_CHECK_GENERATOR;
- if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL))
- *ret|=DH_CHECK_P_NOT_PRIME;
- else
- {
- if (!BN_rshift1(q,dh->p)) goto err;
- if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL))
- *ret|=DH_CHECK_P_NOT_SAFE_PRIME;
- }
- ok=1;
-err:
- if (ctx != NULL) BN_CTX_free(ctx);
- if (q != NULL) BN_free(q);
- return(ok);
- }
+ if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL))
+ *ret |= DH_CHECK_P_NOT_PRIME;
+ else if (!dh->q) {
+ if (!BN_rshift1(t1, dh->p))
+ goto err;
+ if (!BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL))
+ *ret |= DH_CHECK_P_NOT_SAFE_PRIME;
+ }
+ ok = 1;
+ err:
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ return (ok);
+}
int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
- {
- int ok=0;
- BIGNUM *q=NULL;
+{
+ int ok = 0;
+ BIGNUM *q = NULL;
- *ret=0;
- q=BN_new();
- if (q == NULL) goto err;
- BN_set_word(q,1);
- if (BN_cmp(pub_key,q)<=0)
- *ret|=DH_CHECK_PUBKEY_TOO_SMALL;
- BN_copy(q,dh->p);
- BN_sub_word(q,1);
- if (BN_cmp(pub_key,q)>=0)
- *ret|=DH_CHECK_PUBKEY_TOO_LARGE;
+ *ret = 0;
+ q = BN_new();
+ if (q == NULL)
+ goto err;
+ BN_set_word(q, 1);
+ if (BN_cmp(pub_key, q) <= 0)
+ *ret |= DH_CHECK_PUBKEY_TOO_SMALL;
+ BN_copy(q, dh->p);
+ BN_sub_word(q, 1);
+ if (BN_cmp(pub_key, q) >= 0)
+ *ret |= DH_CHECK_PUBKEY_TOO_LARGE;
- ok = 1;
-err:
- if (q != NULL) BN_free(q);
- return(ok);
- }
+ ok = 1;
+ err:
+ if (q != NULL)
+ BN_free(q);
+ return (ok);
+}
diff --git a/openssl/crypto/dh/dh_depr.c b/openssl/crypto/dh/dh_depr.c
index acc05f252..b62211993 100644
--- a/openssl/crypto/dh/dh_depr.c
+++ b/openssl/crypto/dh/dh_depr.c
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,6 @@
*
*/
-
/* This file contains deprecated functions as wrappers to the new ones */
#include <stdio.h>
@@ -61,23 +60,23 @@
#include <openssl/bn.h>
#include <openssl/dh.h>
-static void *dummy=&dummy;
+static void *dummy = &dummy;
#ifndef OPENSSL_NO_DEPRECATED
DH *DH_generate_parameters(int prime_len, int generator,
- void (*callback)(int,int,void *), void *cb_arg)
- {
- BN_GENCB cb;
- DH *ret=NULL;
+ void (*callback) (int, int, void *), void *cb_arg)
+{
+ BN_GENCB cb;
+ DH *ret = NULL;
- if((ret=DH_new()) == NULL)
- return NULL;
+ if ((ret = DH_new()) == NULL)
+ return NULL;
- BN_GENCB_set_old(&cb, callback, cb_arg);
+ BN_GENCB_set_old(&cb, callback, cb_arg);
- if(DH_generate_parameters_ex(ret, prime_len, generator, &cb))
- return ret;
- DH_free(ret);
- return NULL;
- }
+ if (DH_generate_parameters_ex(ret, prime_len, generator, &cb))
+ return ret;
+ DH_free(ret);
+ return NULL;
+}
#endif
diff --git a/openssl/crypto/dh/dh_err.c b/openssl/crypto/dh/dh_err.c
index 56d3df735..b890cca81 100644
--- a/openssl/crypto/dh/dh_err.c
+++ b/openssl/crypto/dh/dh_err.c
@@ -1,13 +1,13 @@
/* crypto/dh/dh_err.c */
/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
*
*/
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
@@ -65,58 +66,61 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
-static ERR_STRING_DATA DH_str_functs[]=
- {
-{ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"},
-{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
-{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
-{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
-{ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"},
-{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS_EX), "DH_generate_parameters_ex"},
-{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
-{ERR_FUNC(DH_F_DH_PARAM_DECODE), "DH_PARAM_DECODE"},
-{ERR_FUNC(DH_F_DH_PRIV_DECODE), "DH_PRIV_DECODE"},
-{ERR_FUNC(DH_F_DH_PRIV_ENCODE), "DH_PRIV_ENCODE"},
-{ERR_FUNC(DH_F_DH_PUB_DECODE), "DH_PUB_DECODE"},
-{ERR_FUNC(DH_F_DH_PUB_ENCODE), "DH_PUB_ENCODE"},
-{ERR_FUNC(DH_F_DO_DH_PRINT), "DO_DH_PRINT"},
-{ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"},
-{ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"},
-{ERR_FUNC(DH_F_PKEY_DH_DERIVE), "PKEY_DH_DERIVE"},
-{ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "PKEY_DH_KEYGEN"},
-{0,NULL}
- };
+static ERR_STRING_DATA DH_str_functs[] = {
+ {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"},
+ {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
+ {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
+ {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "DH_CMS_DECRYPT"},
+ {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "DH_CMS_SET_PEERKEY"},
+ {ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "DH_CMS_SET_SHARED_INFO"},
+ {ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
+ {ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"},
+ {ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS_EX), "DH_generate_parameters_ex"},
+ {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
+ {ERR_FUNC(DH_F_DH_PARAM_DECODE), "DH_PARAM_DECODE"},
+ {ERR_FUNC(DH_F_DH_PRIV_DECODE), "DH_PRIV_DECODE"},
+ {ERR_FUNC(DH_F_DH_PRIV_ENCODE), "DH_PRIV_ENCODE"},
+ {ERR_FUNC(DH_F_DH_PUB_DECODE), "DH_PUB_DECODE"},
+ {ERR_FUNC(DH_F_DH_PUB_ENCODE), "DH_PUB_ENCODE"},
+ {ERR_FUNC(DH_F_DO_DH_PRINT), "DO_DH_PRINT"},
+ {ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"},
+ {ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"},
+ {ERR_FUNC(DH_F_PKEY_DH_DERIVE), "PKEY_DH_DERIVE"},
+ {ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "PKEY_DH_KEYGEN"},
+ {0, NULL}
+};
-static ERR_STRING_DATA DH_str_reasons[]=
- {
-{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"},
-{ERR_REASON(DH_R_BN_DECODE_ERROR) ,"bn decode error"},
-{ERR_REASON(DH_R_BN_ERROR) ,"bn error"},
-{ERR_REASON(DH_R_DECODE_ERROR) ,"decode error"},
-{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
-{ERR_REASON(DH_R_KEYS_NOT_SET) ,"keys not set"},
-{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
-{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},
-{ERR_REASON(DH_R_NON_FIPS_METHOD) ,"non fips method"},
-{ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"},
-{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},
-{ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},
-{0,NULL}
- };
+static ERR_STRING_DATA DH_str_reasons[] = {
+ {ERR_REASON(DH_R_BAD_GENERATOR), "bad generator"},
+ {ERR_REASON(DH_R_BN_DECODE_ERROR), "bn decode error"},
+ {ERR_REASON(DH_R_BN_ERROR), "bn error"},
+ {ERR_REASON(DH_R_DECODE_ERROR), "decode error"},
+ {ERR_REASON(DH_R_INVALID_PUBKEY), "invalid public key"},
+ {ERR_REASON(DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
+ {ERR_REASON(DH_R_KEYS_NOT_SET), "keys not set"},
+ {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL), "key size too small"},
+ {ERR_REASON(DH_R_MODULUS_TOO_LARGE), "modulus too large"},
+ {ERR_REASON(DH_R_NON_FIPS_METHOD), "non fips method"},
+ {ERR_REASON(DH_R_NO_PARAMETERS_SET), "no parameters set"},
+ {ERR_REASON(DH_R_NO_PRIVATE_VALUE), "no private value"},
+ {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
+ {ERR_REASON(DH_R_PEER_KEY_ERROR), "peer key error"},
+ {ERR_REASON(DH_R_SHARED_INFO_ERROR), "shared info error"},
+ {0, NULL}
+};
#endif
void ERR_load_DH_strings(void)
- {
+{
#ifndef OPENSSL_NO_ERR
- if (ERR_func_error_string(DH_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,DH_str_functs);
- ERR_load_strings(0,DH_str_reasons);
- }
+ if (ERR_func_error_string(DH_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, DH_str_functs);
+ ERR_load_strings(0, DH_str_reasons);
+ }
#endif
- }
+}
diff --git a/openssl/crypto/dh/dh_gen.c b/openssl/crypto/dh/dh_gen.c
index 7b1fe9c9c..5bedb665f 100644
--- a/openssl/crypto/dh/dh_gen.c
+++ b/openssl/crypto/dh/dh_gen.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,16 +49,16 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
-/* NB: These functions have been upgraded - the previous prototypes are in
- * dh_depr.c as wrappers to these ones.
- * - Geoff
+/*
+ * NB: These functions have been upgraded - the previous prototypes are in
+ * dh_depr.c as wrappers to these ones. - Geoff
*/
#include <stdio.h>
@@ -67,32 +67,33 @@
#include <openssl/dh.h>
#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
#endif
-static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
+ BN_GENCB *cb);
-int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
- {
+int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
+ BN_GENCB *cb)
+{
#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD)
- && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW))
- {
- DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD);
- return 0;
- }
+ if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD)
+ && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW)) {
+ DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD);
+ return 0;
+ }
#endif
- if(ret->meth->generate_params)
- return ret->meth->generate_params(ret, prime_len, generator, cb);
+ if (ret->meth->generate_params)
+ return ret->meth->generate_params(ret, prime_len, generator, cb);
#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- return FIPS_dh_generate_parameters_ex(ret, prime_len,
- generator, cb);
+ if (FIPS_mode())
+ return FIPS_dh_generate_parameters_ex(ret, prime_len, generator, cb);
#endif
- return dh_builtin_genparams(ret, prime_len, generator, cb);
- }
+ return dh_builtin_genparams(ret, prime_len, generator, cb);
+}
-/* We generate DH parameters as follows
+/*-
+ * We generate DH parameters as follows
* find a prime q which is prime_len/2 bits long.
* p=(2*q)+1 or (p-1)/2 = q
* For this case, g is a generator if
@@ -113,80 +114,91 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *c
* Since DH should be using a safe prime (both p and q are prime),
* this generator function can take a very very long time to run.
*/
-/* Actually there is no reason to insist that 'generator' be a generator.
+/*
+ * Actually there is no reason to insist that 'generator' be a generator.
* It's just as OK (and in some sense better) to use a generator of the
* order-q subgroup.
*/
-static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
- {
- BIGNUM *t1,*t2;
- int g,ok= -1;
- BN_CTX *ctx=NULL;
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
+ BN_GENCB *cb)
+{
+ BIGNUM *t1, *t2;
+ int g, ok = -1;
+ BN_CTX *ctx = NULL;
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ t1 = BN_CTX_get(ctx);
+ t2 = BN_CTX_get(ctx);
+ if (t1 == NULL || t2 == NULL)
+ goto err;
- ctx=BN_CTX_new();
- if (ctx == NULL) goto err;
- BN_CTX_start(ctx);
- t1 = BN_CTX_get(ctx);
- t2 = BN_CTX_get(ctx);
- if (t1 == NULL || t2 == NULL) goto err;
+ /* Make sure 'ret' has the necessary elements */
+ if (!ret->p && ((ret->p = BN_new()) == NULL))
+ goto err;
+ if (!ret->g && ((ret->g = BN_new()) == NULL))
+ goto err;
- /* Make sure 'ret' has the necessary elements */
- if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err;
- if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err;
-
- if (generator <= 1)
- {
- DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
- goto err;
- }
- if (generator == DH_GENERATOR_2)
- {
- if (!BN_set_word(t1,24)) goto err;
- if (!BN_set_word(t2,11)) goto err;
- g=2;
- }
-#if 0 /* does not work for safe primes */
- else if (generator == DH_GENERATOR_3)
- {
- if (!BN_set_word(t1,12)) goto err;
- if (!BN_set_word(t2,5)) goto err;
- g=3;
- }
+ if (generator <= 1) {
+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
+ goto err;
+ }
+ if (generator == DH_GENERATOR_2) {
+ if (!BN_set_word(t1, 24))
+ goto err;
+ if (!BN_set_word(t2, 11))
+ goto err;
+ g = 2;
+ }
+#if 0 /* does not work for safe primes */
+ else if (generator == DH_GENERATOR_3) {
+ if (!BN_set_word(t1, 12))
+ goto err;
+ if (!BN_set_word(t2, 5))
+ goto err;
+ g = 3;
+ }
#endif
- else if (generator == DH_GENERATOR_5)
- {
- if (!BN_set_word(t1,10)) goto err;
- if (!BN_set_word(t2,3)) goto err;
- /* BN_set_word(t3,7); just have to miss
- * out on these ones :-( */
- g=5;
- }
- else
- {
- /* in the general case, don't worry if 'generator' is a
- * generator or not: since we are using safe primes,
- * it will generate either an order-q or an order-2q group,
- * which both is OK */
- if (!BN_set_word(t1,2)) goto err;
- if (!BN_set_word(t2,1)) goto err;
- g=generator;
- }
-
- if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err;
- if(!BN_GENCB_call(cb, 3, 0)) goto err;
- if (!BN_set_word(ret->g,g)) goto err;
- ok=1;
-err:
- if (ok == -1)
- {
- DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB);
- ok=0;
- }
+ else if (generator == DH_GENERATOR_5) {
+ if (!BN_set_word(t1, 10))
+ goto err;
+ if (!BN_set_word(t2, 3))
+ goto err;
+ /*
+ * BN_set_word(t3,7); just have to miss out on these ones :-(
+ */
+ g = 5;
+ } else {
+ /*
+ * in the general case, don't worry if 'generator' is a generator or
+ * not: since we are using safe primes, it will generate either an
+ * order-q or an order-2q group, which both is OK
+ */
+ if (!BN_set_word(t1, 2))
+ goto err;
+ if (!BN_set_word(t2, 1))
+ goto err;
+ g = generator;
+ }
+
+ if (!BN_generate_prime_ex(ret->p, prime_len, 1, t1, t2, cb))
+ goto err;
+ if (!BN_GENCB_call(cb, 3, 0))
+ goto err;
+ if (!BN_set_word(ret->g, g))
+ goto err;
+ ok = 1;
+ err:
+ if (ok == -1) {
+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, ERR_R_BN_LIB);
+ ok = 0;
+ }
- if (ctx != NULL)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- return ok;
- }
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ return ok;
+}
diff --git a/openssl/crypto/dh/dh_kdf.c b/openssl/crypto/dh/dh_kdf.c
new file mode 100755
index 000000000..a882cb286
--- /dev/null
+++ b/openssl/crypto/dh/dh_kdf.c
@@ -0,0 +1,187 @@
+/* crypto/dh/dh_kdf.c */
+/*
+ * Written by Stephen Henson for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 2013 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <string.h>
+#include <openssl/dh.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/cms.h>
+
+/* Key derivation from X9.42/RFC2631 */
+
+#define DH_KDF_MAX (1L << 30)
+
+/* Skip past an ASN1 structure: for OBJECT skip content octets too */
+
+static int skip_asn1(unsigned char **pp, long *plen, int exptag)
+{
+ const unsigned char *q = *pp;
+ int i, tag, xclass;
+ long tmplen;
+ i = ASN1_get_object(&q, &tmplen, &tag, &xclass, *plen);
+ if (i & 0x80)
+ return 0;
+ if (tag != exptag || xclass != V_ASN1_UNIVERSAL)
+ return 0;
+ if (tag == V_ASN1_OBJECT)
+ q += tmplen;
+ *plen -= q - *pp;
+ *pp = (unsigned char *)q;
+ return 1;
+}
+
+/*
+ * Encode the DH shared info structure, return an offset to the counter value
+ * so we can update the structure without reencoding it.
+ */
+
+static int dh_sharedinfo_encode(unsigned char **pder, unsigned char **pctr,
+ ASN1_OBJECT *key_oid, size_t outlen,
+ const unsigned char *ukm, size_t ukmlen)
+{
+ unsigned char *p;
+ int derlen;
+ long tlen;
+ /* "magic" value to check offset is sane */
+ static unsigned char ctr[4] = { 0xF3, 0x17, 0x22, 0x53 };
+ X509_ALGOR atmp;
+ ASN1_OCTET_STRING ctr_oct, ukm_oct, *pukm_oct;
+ ASN1_TYPE ctr_atype;
+ if (ukmlen > DH_KDF_MAX || outlen > DH_KDF_MAX)
+ return 0;
+ ctr_oct.data = ctr;
+ ctr_oct.length = 4;
+ ctr_oct.flags = 0;
+ ctr_oct.type = V_ASN1_OCTET_STRING;
+ ctr_atype.type = V_ASN1_OCTET_STRING;
+ ctr_atype.value.octet_string = &ctr_oct;
+ atmp.algorithm = key_oid;
+ atmp.parameter = &ctr_atype;
+ if (ukm) {
+ ukm_oct.type = V_ASN1_OCTET_STRING;
+ ukm_oct.flags = 0;
+ ukm_oct.data = (unsigned char *)ukm;
+ ukm_oct.length = ukmlen;
+ pukm_oct = &ukm_oct;
+ } else
+ pukm_oct = NULL;
+ derlen = CMS_SharedInfo_encode(pder, &atmp, pukm_oct, outlen);
+ if (derlen <= 0)
+ return 0;
+ p = *pder;
+ tlen = derlen;
+ if (!skip_asn1(&p, &tlen, V_ASN1_SEQUENCE))
+ return 0;
+ if (!skip_asn1(&p, &tlen, V_ASN1_SEQUENCE))
+ return 0;
+ if (!skip_asn1(&p, &tlen, V_ASN1_OBJECT))
+ return 0;
+ if (!skip_asn1(&p, &tlen, V_ASN1_OCTET_STRING))
+ return 0;
+ if (CRYPTO_memcmp(p, ctr, 4))
+ return 0;
+ *pctr = p;
+ return derlen;
+}
+
+int DH_KDF_X9_42(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ ASN1_OBJECT *key_oid,
+ const unsigned char *ukm, size_t ukmlen, const EVP_MD *md)
+{
+ EVP_MD_CTX mctx;
+ int rv = 0;
+ unsigned int i;
+ size_t mdlen;
+ unsigned char *der = NULL, *ctr;
+ int derlen;
+ if (Zlen > DH_KDF_MAX)
+ return 0;
+ mdlen = EVP_MD_size(md);
+ EVP_MD_CTX_init(&mctx);
+ derlen = dh_sharedinfo_encode(&der, &ctr, key_oid, outlen, ukm, ukmlen);
+ if (derlen == 0)
+ goto err;
+ for (i = 1;; i++) {
+ unsigned char mtmp[EVP_MAX_MD_SIZE];
+ EVP_DigestInit_ex(&mctx, md, NULL);
+ if (!EVP_DigestUpdate(&mctx, Z, Zlen))
+ goto err;
+ ctr[3] = i & 0xFF;
+ ctr[2] = (i >> 8) & 0xFF;
+ ctr[1] = (i >> 16) & 0xFF;
+ ctr[0] = (i >> 24) & 0xFF;
+ if (!EVP_DigestUpdate(&mctx, der, derlen))
+ goto err;
+ if (outlen >= mdlen) {
+ if (!EVP_DigestFinal(&mctx, out, NULL))
+ goto err;
+ outlen -= mdlen;
+ if (outlen == 0)
+ break;
+ out += mdlen;
+ } else {
+ if (!EVP_DigestFinal(&mctx, mtmp, NULL))
+ goto err;
+ memcpy(out, mtmp, outlen);
+ OPENSSL_cleanse(mtmp, mdlen);
+ break;
+ }
+ }
+ rv = 1;
+ err:
+ if (der)
+ OPENSSL_free(der);
+ EVP_MD_CTX_cleanup(&mctx);
+ return rv;
+}
diff --git a/openssl/crypto/dh/dh_key.c b/openssl/crypto/dh/dh_key.c
index 89a74db4e..1d80fb2c5 100644
--- a/openssl/crypto/dh/dh_key.c
+++ b/openssl/crypto/dh/dh_key.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -65,228 +65,225 @@
static int generate_key(DH *dh);
static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
static int dh_init(DH *dh);
static int dh_finish(DH *dh);
int DH_generate_key(DH *dh)
- {
+{
#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
- && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
- {
- DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD);
- return 0;
- }
+ if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
+ && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) {
+ DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD);
+ return 0;
+ }
#endif
- return dh->meth->generate_key(dh);
- }
+ return dh->meth->generate_key(dh);
+}
int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
+{
#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
- && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
- {
- DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD);
- return 0;
- }
+ if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
+ && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) {
+ DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD);
+ return 0;
+ }
#endif
- return dh->meth->compute_key(key, pub_key, dh);
- }
+ return dh->meth->compute_key(key, pub_key, dh);
+}
+
+int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+ int rv, pad;
+ rv = dh->meth->compute_key(key, pub_key, dh);
+ if (rv <= 0)
+ return rv;
+ pad = BN_num_bytes(dh->p) - rv;
+ if (pad > 0) {
+ memmove(key + pad, key, rv);
+ memset(key, 0, pad);
+ }
+ return rv + pad;
+}
static DH_METHOD dh_ossl = {
-"OpenSSL DH Method",
-generate_key,
-compute_key,
-dh_bn_mod_exp,
-dh_init,
-dh_finish,
-0,
-NULL,
-NULL
+ "OpenSSL DH Method",
+ generate_key,
+ compute_key,
+ dh_bn_mod_exp,
+ dh_init,
+ dh_finish,
+ 0,
+ NULL,
+ NULL
};
const DH_METHOD *DH_OpenSSL(void)
{
- return &dh_ossl;
+ return &dh_ossl;
}
static int generate_key(DH *dh)
- {
- int ok=0;
- int generate_new_key=0;
- unsigned l;
- BN_CTX *ctx;
- BN_MONT_CTX *mont=NULL;
- BIGNUM *pub_key=NULL,*priv_key=NULL;
+{
+ int ok = 0;
+ int generate_new_key = 0;
+ unsigned l;
+ BN_CTX *ctx;
+ BN_MONT_CTX *mont = NULL;
+ BIGNUM *pub_key = NULL, *priv_key = NULL;
- ctx = BN_CTX_new();
- if (ctx == NULL) goto err;
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
- if (dh->priv_key == NULL)
- {
- priv_key=BN_new();
- if (priv_key == NULL) goto err;
- generate_new_key=1;
- }
- else
- priv_key=dh->priv_key;
+ if (dh->priv_key == NULL) {
+ priv_key = BN_new();
+ if (priv_key == NULL)
+ goto err;
+ generate_new_key = 1;
+ } else
+ priv_key = dh->priv_key;
- if (dh->pub_key == NULL)
- {
- pub_key=BN_new();
- if (pub_key == NULL) goto err;
- }
- else
- pub_key=dh->pub_key;
+ if (dh->pub_key == NULL) {
+ pub_key = BN_new();
+ if (pub_key == NULL)
+ goto err;
+ } else
+ pub_key = dh->pub_key;
+ if (dh->flags & DH_FLAG_CACHE_MONT_P) {
+ mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
+ CRYPTO_LOCK_DH, dh->p, ctx);
+ if (!mont)
+ goto err;
+ }
- if (dh->flags & DH_FLAG_CACHE_MONT_P)
- {
- mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
- CRYPTO_LOCK_DH, dh->p, ctx);
- if (!mont)
- goto err;
- }
+ if (generate_new_key) {
+ if (dh->q) {
+ do {
+ if (!BN_rand_range(priv_key, dh->q))
+ goto err;
+ }
+ while (BN_is_zero(priv_key) || BN_is_one(priv_key));
+ } else {
+ /* secret exponent length */
+ l = dh->length ? dh->length : BN_num_bits(dh->p) - 1;
+ if (!BN_rand(priv_key, l, 0, 0))
+ goto err;
+ }
+ }
- if (generate_new_key)
- {
- if (dh->q)
- {
- do
- {
- if (!BN_rand_range(priv_key, dh->q))
- goto err;
- }
- while (BN_is_zero(priv_key) || BN_is_one(priv_key));
- }
- else
- {
- /* secret exponent length */
- l = dh->length ? dh->length : BN_num_bits(dh->p)-1;
- if (!BN_rand(priv_key, l, 0, 0)) goto err;
- }
- }
+ {
+ BIGNUM local_prk;
+ BIGNUM *prk;
- {
- BIGNUM local_prk;
- BIGNUM *prk;
+ if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
+ BN_init(&local_prk);
+ prk = &local_prk;
+ BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+ } else
+ prk = priv_key;
- if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
- {
- BN_init(&local_prk);
- prk = &local_prk;
- BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
- }
- else
- prk = priv_key;
+ if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont))
+ goto err;
+ }
- if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err;
- }
-
- dh->pub_key=pub_key;
- dh->priv_key=priv_key;
- ok=1;
-err:
- if (ok != 1)
- DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB);
+ dh->pub_key = pub_key;
+ dh->priv_key = priv_key;
+ ok = 1;
+ err:
+ if (ok != 1)
+ DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB);
- if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key);
- if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
- BN_CTX_free(ctx);
- return(ok);
- }
+ if ((pub_key != NULL) && (dh->pub_key == NULL))
+ BN_free(pub_key);
+ if ((priv_key != NULL) && (dh->priv_key == NULL))
+ BN_free(priv_key);
+ BN_CTX_free(ctx);
+ return (ok);
+}
static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
- BN_CTX *ctx=NULL;
- BN_MONT_CTX *mont=NULL;
- BIGNUM *tmp;
- int ret= -1;
- int check_result;
+{
+ BN_CTX *ctx = NULL;
+ BN_MONT_CTX *mont = NULL;
+ BIGNUM *tmp;
+ int ret = -1;
+ int check_result;
- if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
- {
- DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
- goto err;
- }
+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
+ goto err;
+ }
- ctx = BN_CTX_new();
- if (ctx == NULL) goto err;
- BN_CTX_start(ctx);
- tmp = BN_CTX_get(ctx);
-
- if (dh->priv_key == NULL)
- {
- DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
- goto err;
- }
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ tmp = BN_CTX_get(ctx);
- if (dh->flags & DH_FLAG_CACHE_MONT_P)
- {
- mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
- CRYPTO_LOCK_DH, dh->p, ctx);
- if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
- {
- /* XXX */
- BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
- }
- if (!mont)
- goto err;
- }
+ if (dh->priv_key == NULL) {
+ DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE);
+ goto err;
+ }
- if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
- {
- DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
- goto err;
- }
+ if (dh->flags & DH_FLAG_CACHE_MONT_P) {
+ mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
+ CRYPTO_LOCK_DH, dh->p, ctx);
+ if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
+ /* XXX */
+ BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
+ }
+ if (!mont)
+ goto err;
+ }
- if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
- {
- DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);
- goto err;
- }
+ if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) {
+ DHerr(DH_F_COMPUTE_KEY, DH_R_INVALID_PUBKEY);
+ goto err;
+ }
- ret=BN_bn2bin(tmp,key);
-err:
- if (ctx != NULL)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- return(ret);
- }
+ if (!dh->
+ meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key, dh->p, ctx, mont)) {
+ DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
+ goto err;
+ }
-static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- /* If a is only one word long and constant time is false, use the faster
- * exponenentiation function.
- */
- if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))
- {
- BN_ULONG A = a->d[0];
- return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
- }
- else
- return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx);
- }
+ ret = BN_bn2bin(tmp, key);
+ err:
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ return (ret);
+}
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ /*
+ * If a is only one word long and constant time is false, use the faster
+ * exponenentiation function.
+ */
+ if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) {
+ BN_ULONG A = a->d[0];
+ return BN_mod_exp_mont_word(r, A, p, m, ctx, m_ctx);
+ } else
+ return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+}
static int dh_init(DH *dh)
- {
- dh->flags |= DH_FLAG_CACHE_MONT_P;
- return(1);
- }
+{
+ dh->flags |= DH_FLAG_CACHE_MONT_P;
+ return (1);
+}
static int dh_finish(DH *dh)
- {
- if(dh->method_mont_p)
- BN_MONT_CTX_free(dh->method_mont_p);
- return(1);
- }
+{
+ if (dh->method_mont_p)
+ BN_MONT_CTX_free(dh->method_mont_p);
+ return (1);
+}
diff --git a/openssl/crypto/dh/dh_lib.c b/openssl/crypto/dh/dh_lib.c
index 00218f2b9..bebc160ed 100644
--- a/openssl/crypto/dh/dh_lib.c
+++ b/openssl/crypto/dh/dh_lib.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -61,200 +61,203 @@
#include <openssl/bn.h>
#include <openssl/dh.h>
#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
#endif
#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
#endif
-const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
+const char DH_version[] = "Diffie-Hellman" OPENSSL_VERSION_PTEXT;
static const DH_METHOD *default_DH_method = NULL;
void DH_set_default_method(const DH_METHOD *meth)
- {
- default_DH_method = meth;
- }
+{
+ default_DH_method = meth;
+}
const DH_METHOD *DH_get_default_method(void)
- {
- if(!default_DH_method)
- {
+{
+ if (!default_DH_method) {
#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- return FIPS_dh_openssl();
- else
- return DH_OpenSSL();
+ if (FIPS_mode())
+ return FIPS_dh_openssl();
+ else
+ return DH_OpenSSL();
#else
- default_DH_method = DH_OpenSSL();
+ default_DH_method = DH_OpenSSL();
#endif
- }
- return default_DH_method;
- }
+ }
+ return default_DH_method;
+}
int DH_set_method(DH *dh, const DH_METHOD *meth)
- {
- /* NB: The caller is specifically setting a method, so it's not up to us
- * to deal with which ENGINE it comes from. */
- const DH_METHOD *mtmp;
- mtmp = dh->meth;
- if (mtmp->finish) mtmp->finish(dh);
+{
+ /*
+ * NB: The caller is specifically setting a method, so it's not up to us
+ * to deal with which ENGINE it comes from.
+ */
+ const DH_METHOD *mtmp;
+ mtmp = dh->meth;
+ if (mtmp->finish)
+ mtmp->finish(dh);
#ifndef OPENSSL_NO_ENGINE
- if (dh->engine)
- {
- ENGINE_finish(dh->engine);
- dh->engine = NULL;
- }
+ if (dh->engine) {
+ ENGINE_finish(dh->engine);
+ dh->engine = NULL;
+ }
#endif
- dh->meth = meth;
- if (meth->init) meth->init(dh);
- return 1;
- }
+ dh->meth = meth;
+ if (meth->init)
+ meth->init(dh);
+ return 1;
+}
DH *DH_new(void)
- {
- return DH_new_method(NULL);
- }
+{
+ return DH_new_method(NULL);
+}
DH *DH_new_method(ENGINE *engine)
- {
- DH *ret;
+{
+ DH *ret;
- ret=(DH *)OPENSSL_malloc(sizeof(DH));
- if (ret == NULL)
- {
- DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
+ ret = (DH *)OPENSSL_malloc(sizeof(DH));
+ if (ret == NULL) {
+ DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
- ret->meth = DH_get_default_method();
+ ret->meth = DH_get_default_method();
#ifndef OPENSSL_NO_ENGINE
- if (engine)
- {
- if (!ENGINE_init(engine))
- {
- DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
- OPENSSL_free(ret);
- return NULL;
- }
- ret->engine = engine;
- }
- else
- ret->engine = ENGINE_get_default_DH();
- if(ret->engine)
- {
- ret->meth = ENGINE_get_DH(ret->engine);
- if(!ret->meth)
- {
- DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB);
- ENGINE_finish(ret->engine);
- OPENSSL_free(ret);
- return NULL;
- }
- }
+ if (engine) {
+ if (!ENGINE_init(engine)) {
+ DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ ret->engine = engine;
+ } else
+ ret->engine = ENGINE_get_default_DH();
+ if (ret->engine) {
+ ret->meth = ENGINE_get_DH(ret->engine);
+ if (!ret->meth) {
+ DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+ ENGINE_finish(ret->engine);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ }
#endif
- ret->pad=0;
- ret->version=0;
- ret->p=NULL;
- ret->g=NULL;
- ret->length=0;
- ret->pub_key=NULL;
- ret->priv_key=NULL;
- ret->q=NULL;
- ret->j=NULL;
- ret->seed = NULL;
- ret->seedlen = 0;
- ret->counter = NULL;
- ret->method_mont_p=NULL;
- ret->references = 1;
- ret->flags=ret->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW;
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
- if ((ret->meth->init != NULL) && !ret->meth->init(ret))
- {
+ ret->pad = 0;
+ ret->version = 0;
+ ret->p = NULL;
+ ret->g = NULL;
+ ret->length = 0;
+ ret->pub_key = NULL;
+ ret->priv_key = NULL;
+ ret->q = NULL;
+ ret->j = NULL;
+ ret->seed = NULL;
+ ret->seedlen = 0;
+ ret->counter = NULL;
+ ret->method_mont_p = NULL;
+ ret->references = 1;
+ ret->flags = ret->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW;
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
+ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
#ifndef OPENSSL_NO_ENGINE
- if (ret->engine)
- ENGINE_finish(ret->engine);
+ if (ret->engine)
+ ENGINE_finish(ret->engine);
#endif
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
- OPENSSL_free(ret);
- ret=NULL;
- }
- return(ret);
- }
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
+ OPENSSL_free(ret);
+ ret = NULL;
+ }
+ return (ret);
+}
void DH_free(DH *r)
- {
- int i;
- if(r == NULL) return;
- i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
+{
+ int i;
+ if (r == NULL)
+ return;
+ i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
#ifdef REF_PRINT
- REF_PRINT("DH",r);
+ REF_PRINT("DH", r);
#endif
- if (i > 0) return;
+ if (i > 0)
+ return;
#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"DH_free, bad reference count\n");
- abort();
- }
+ if (i < 0) {
+ fprintf(stderr, "DH_free, bad reference count\n");
+ abort();
+ }
#endif
- if (r->meth->finish)
- r->meth->finish(r);
+ if (r->meth->finish)
+ r->meth->finish(r);
#ifndef OPENSSL_NO_ENGINE
- if (r->engine)
- ENGINE_finish(r->engine);
+ if (r->engine)
+ ENGINE_finish(r->engine);
#endif
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
- if (r->p != NULL) BN_clear_free(r->p);
- if (r->g != NULL) BN_clear_free(r->g);
- if (r->q != NULL) BN_clear_free(r->q);
- if (r->j != NULL) BN_clear_free(r->j);
- if (r->seed) OPENSSL_free(r->seed);
- if (r->counter != NULL) BN_clear_free(r->counter);
- if (r->pub_key != NULL) BN_clear_free(r->pub_key);
- if (r->priv_key != NULL) BN_clear_free(r->priv_key);
- OPENSSL_free(r);
- }
+ if (r->p != NULL)
+ BN_clear_free(r->p);
+ if (r->g != NULL)
+ BN_clear_free(r->g);
+ if (r->q != NULL)
+ BN_clear_free(r->q);
+ if (r->j != NULL)
+ BN_clear_free(r->j);
+ if (r->seed)
+ OPENSSL_free(r->seed);
+ if (r->counter != NULL)
+ BN_clear_free(r->counter);
+ if (r->pub_key != NULL)
+ BN_clear_free(r->pub_key);
+ if (r->priv_key != NULL)
+ BN_clear_free(r->priv_key);
+ OPENSSL_free(r);
+}
int DH_up_ref(DH *r)
- {
- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);
+{
+ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);
#ifdef REF_PRINT
- REF_PRINT("DH",r);
+ REF_PRINT("DH", r);
#endif
#ifdef REF_CHECK
- if (i < 2)
- {
- fprintf(stderr, "DH_up, bad reference count\n");
- abort();
- }
+ if (i < 2) {
+ fprintf(stderr, "DH_up, bad reference count\n");
+ abort();
+ }
#endif
- return ((i > 1) ? 1 : 0);
- }
+ return ((i > 1) ? 1 : 0);
+}
int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
- {
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp,
- new_func, dup_func, free_func);
- }
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp,
+ new_func, dup_func, free_func);
+}
int DH_set_ex_data(DH *d, int idx, void *arg)
- {
- return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
- }
+{
+ return (CRYPTO_set_ex_data(&d->ex_data, idx, arg));
+}
void *DH_get_ex_data(DH *d, int idx)
- {
- return(CRYPTO_get_ex_data(&d->ex_data,idx));
- }
+{
+ return (CRYPTO_get_ex_data(&d->ex_data, idx));
+}
int DH_size(const DH *dh)
- {
- return(BN_num_bytes(dh->p));
- }
+{
+ return (BN_num_bytes(dh->p));
+}
diff --git a/openssl/crypto/dh/dh_pmeth.c b/openssl/crypto/dh/dh_pmeth.c
index 5ae72b7d4..494a887de 100644
--- a/openssl/crypto/dh/dh_pmeth.c
+++ b/openssl/crypto/dh/dh_pmeth.c
@@ -1,5 +1,6 @@
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2006.
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
@@ -9,7 +10,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -62,193 +63,486 @@
#include <openssl/evp.h>
#include <openssl/dh.h>
#include <openssl/bn.h>
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+#include <openssl/objects.h>
#include "evp_locl.h"
/* DH pkey context structure */
-typedef struct
- {
- /* Parameter gen parameters */
- int prime_len;
- int generator;
- int use_dsa;
- /* Keygen callback info */
- int gentmp[2];
- /* message digest */
- } DH_PKEY_CTX;
+typedef struct {
+ /* Parameter gen parameters */
+ int prime_len;
+ int generator;
+ int use_dsa;
+ int subprime_len;
+ /* message digest used for parameter generation */
+ const EVP_MD *md;
+ int rfc5114_param;
+ /* Keygen callback info */
+ int gentmp[2];
+ /* KDF (if any) to use for DH */
+ char kdf_type;
+ /* OID to use for KDF */
+ ASN1_OBJECT *kdf_oid;
+ /* Message digest to use for key derivation */
+ const EVP_MD *kdf_md;
+ /* User key material */
+ unsigned char *kdf_ukm;
+ size_t kdf_ukmlen;
+ /* KDF output length */
+ size_t kdf_outlen;
+} DH_PKEY_CTX;
static int pkey_dh_init(EVP_PKEY_CTX *ctx)
- {
- DH_PKEY_CTX *dctx;
- dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX));
- if (!dctx)
- return 0;
- dctx->prime_len = 1024;
- dctx->generator = 2;
- dctx->use_dsa = 0;
-
- ctx->data = dctx;
- ctx->keygen_info = dctx->gentmp;
- ctx->keygen_info_count = 2;
-
- return 1;
- }
+{
+ DH_PKEY_CTX *dctx;
+ dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX));
+ if (!dctx)
+ return 0;
+ dctx->prime_len = 1024;
+ dctx->subprime_len = -1;
+ dctx->generator = 2;
+ dctx->use_dsa = 0;
+ dctx->md = NULL;
+ dctx->rfc5114_param = 0;
+
+ dctx->kdf_type = EVP_PKEY_DH_KDF_NONE;
+ dctx->kdf_oid = NULL;
+ dctx->kdf_md = NULL;
+ dctx->kdf_ukm = NULL;
+ dctx->kdf_ukmlen = 0;
+ dctx->kdf_outlen = 0;
+
+ ctx->data = dctx;
+ ctx->keygen_info = dctx->gentmp;
+ ctx->keygen_info_count = 2;
+
+ return 1;
+}
static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
- {
- DH_PKEY_CTX *dctx, *sctx;
- if (!pkey_dh_init(dst))
- return 0;
- sctx = src->data;
- dctx = dst->data;
- dctx->prime_len = sctx->prime_len;
- dctx->generator = sctx->generator;
- dctx->use_dsa = sctx->use_dsa;
- return 1;
- }
+{
+ DH_PKEY_CTX *dctx, *sctx;
+ if (!pkey_dh_init(dst))
+ return 0;
+ sctx = src->data;
+ dctx = dst->data;
+ dctx->prime_len = sctx->prime_len;
+ dctx->subprime_len = sctx->subprime_len;
+ dctx->generator = sctx->generator;
+ dctx->use_dsa = sctx->use_dsa;
+ dctx->md = sctx->md;
+ dctx->rfc5114_param = sctx->rfc5114_param;
+
+ dctx->kdf_type = sctx->kdf_type;
+ dctx->kdf_oid = OBJ_dup(sctx->kdf_oid);
+ if (!dctx->kdf_oid)
+ return 0;
+ dctx->kdf_md = sctx->kdf_md;
+ if (dctx->kdf_ukm) {
+ dctx->kdf_ukm = BUF_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen);
+ dctx->kdf_ukmlen = sctx->kdf_ukmlen;
+ }
+ dctx->kdf_outlen = sctx->kdf_outlen;
+ return 1;
+}
static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx)
- {
- DH_PKEY_CTX *dctx = ctx->data;
- if (dctx)
- OPENSSL_free(dctx);
- }
+{
+ DH_PKEY_CTX *dctx = ctx->data;
+ if (dctx) {
+ if (dctx->kdf_ukm)
+ OPENSSL_free(dctx->kdf_ukm);
+ if (dctx->kdf_oid)
+ ASN1_OBJECT_free(dctx->kdf_oid);
+ OPENSSL_free(dctx);
+ }
+}
static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
- {
- DH_PKEY_CTX *dctx = ctx->data;
- switch (type)
- {
- case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN:
- if (p1 < 256)
- return -2;
- dctx->prime_len = p1;
- return 1;
-
- case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR:
- dctx->generator = p1;
- return 1;
-
- case EVP_PKEY_CTRL_PEER_KEY:
- /* Default behaviour is OK */
- return 1;
-
- default:
- return -2;
-
- }
- }
-
-
+{
+ DH_PKEY_CTX *dctx = ctx->data;
+ switch (type) {
+ case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN:
+ if (p1 < 256)
+ return -2;
+ dctx->prime_len = p1;
+ return 1;
+
+ case EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN:
+ if (dctx->use_dsa == 0)
+ return -2;
+ dctx->subprime_len = p1;
+ return 1;
+
+ case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR:
+ if (dctx->use_dsa)
+ return -2;
+ dctx->generator = p1;
+ return 1;
+
+ case EVP_PKEY_CTRL_DH_PARAMGEN_TYPE:
+#ifdef OPENSSL_NO_DSA
+ if (p1 != 0)
+ return -2;
+#else
+ if (p1 < 0 || p1 > 2)
+ return -2;
+#endif
+ dctx->use_dsa = p1;
+ return 1;
+
+ case EVP_PKEY_CTRL_DH_RFC5114:
+ if (p1 < 1 || p1 > 3)
+ return -2;
+ dctx->rfc5114_param = p1;
+ return 1;
+
+ case EVP_PKEY_CTRL_PEER_KEY:
+ /* Default behaviour is OK */
+ return 1;
+
+ case EVP_PKEY_CTRL_DH_KDF_TYPE:
+ if (p1 == -2)
+ return dctx->kdf_type;
+ if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
+ return -2;
+ dctx->kdf_type = p1;
+ return 1;
+
+ case EVP_PKEY_CTRL_DH_KDF_MD:
+ dctx->kdf_md = p2;
+ return 1;
+
+ case EVP_PKEY_CTRL_GET_DH_KDF_MD:
+ *(const EVP_MD **)p2 = dctx->kdf_md;
+ return 1;
+
+ case EVP_PKEY_CTRL_DH_KDF_OUTLEN:
+ if (p1 <= 0)
+ return -2;
+ dctx->kdf_outlen = (size_t)p1;
+ return 1;
+
+ case EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN:
+ *(int *)p2 = dctx->kdf_outlen;
+ return 1;
+
+ case EVP_PKEY_CTRL_DH_KDF_UKM:
+ if (dctx->kdf_ukm)
+ OPENSSL_free(dctx->kdf_ukm);
+ dctx->kdf_ukm = p2;
+ if (p2)
+ dctx->kdf_ukmlen = p1;
+ else
+ dctx->kdf_ukmlen = 0;
+ return 1;
+
+ case EVP_PKEY_CTRL_GET_DH_KDF_UKM:
+ *(unsigned char **)p2 = dctx->kdf_ukm;
+ return dctx->kdf_ukmlen;
+
+ case EVP_PKEY_CTRL_DH_KDF_OID:
+ if (dctx->kdf_oid)
+ ASN1_OBJECT_free(dctx->kdf_oid);
+ dctx->kdf_oid = p2;
+ return 1;
+
+ case EVP_PKEY_CTRL_GET_DH_KDF_OID:
+ *(ASN1_OBJECT **)p2 = dctx->kdf_oid;
+ return 1;
+
+ default:
+ return -2;
+
+ }
+}
+
static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx,
- const char *type, const char *value)
- {
- if (!strcmp(type, "dh_paramgen_prime_len"))
- {
- int len;
- len = atoi(value);
- return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
- }
- if (!strcmp(type, "dh_paramgen_generator"))
- {
- int len;
- len = atoi(value);
- return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len);
- }
- return -2;
- }
+ const char *type, const char *value)
+{
+ if (!strcmp(type, "dh_paramgen_prime_len")) {
+ int len;
+ len = atoi(value);
+ return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
+ }
+ if (!strcmp(type, "dh_rfc5114")) {
+ DH_PKEY_CTX *dctx = ctx->data;
+ int len;
+ len = atoi(value);
+ if (len < 0 || len > 3)
+ return -2;
+ dctx->rfc5114_param = len;
+ return 1;
+ }
+ if (!strcmp(type, "dh_paramgen_generator")) {
+ int len;
+ len = atoi(value);
+ return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len);
+ }
+ if (!strcmp(type, "dh_paramgen_subprime_len")) {
+ int len;
+ len = atoi(value);
+ return EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len);
+ }
+ if (!strcmp(type, "dh_paramgen_type")) {
+ int typ;
+ typ = atoi(value);
+ return EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ);
+ }
+ return -2;
+}
+
+#ifndef OPENSSL_NO_DSA
+
+extern int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
+ const EVP_MD *evpmd,
+ const unsigned char *seed_in, size_t seed_len,
+ unsigned char *seed_out, int *counter_ret,
+ unsigned long *h_ret, BN_GENCB *cb);
+
+extern int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
+ const EVP_MD *evpmd,
+ const unsigned char *seed_in,
+ size_t seed_len, int idx,
+ unsigned char *seed_out, int *counter_ret,
+ unsigned long *h_ret, BN_GENCB *cb);
+
+static DSA *dsa_dh_generate(DH_PKEY_CTX *dctx, BN_GENCB *pcb)
+{
+ DSA *ret;
+ int rv = 0;
+ int prime_len = dctx->prime_len;
+ int subprime_len = dctx->subprime_len;
+ const EVP_MD *md = dctx->md;
+ if (dctx->use_dsa > 2)
+ return NULL;
+ ret = DSA_new();
+ if (!ret)
+ return NULL;
+ if (subprime_len == -1) {
+ if (prime_len >= 2048)
+ subprime_len = 256;
+ else
+ subprime_len = 160;
+ }
+ if (md == NULL) {
+ if (prime_len >= 2048)
+ md = EVP_sha256();
+ else
+ md = EVP_sha1();
+ }
+ if (dctx->use_dsa == 1)
+ rv = dsa_builtin_paramgen(ret, prime_len, subprime_len, md,
+ NULL, 0, NULL, NULL, NULL, pcb);
+ else if (dctx->use_dsa == 2)
+ rv = dsa_builtin_paramgen2(ret, prime_len, subprime_len, md,
+ NULL, 0, -1, NULL, NULL, NULL, pcb);
+ if (rv <= 0) {
+ DSA_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+#endif
static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
- {
- DH *dh = NULL;
- DH_PKEY_CTX *dctx = ctx->data;
- BN_GENCB *pcb, cb;
- int ret;
- if (ctx->pkey_gencb)
- {
- pcb = &cb;
- evp_pkey_set_cb_translate(pcb, ctx);
- }
- else
- pcb = NULL;
- dh = DH_new();
- if (!dh)
- return 0;
- ret = DH_generate_parameters_ex(dh,
- dctx->prime_len, dctx->generator, pcb);
- if (ret)
- EVP_PKEY_assign_DH(pkey, dh);
- else
- DH_free(dh);
- return ret;
- }
+{
+ DH *dh = NULL;
+ DH_PKEY_CTX *dctx = ctx->data;
+ BN_GENCB *pcb, cb;
+ int ret;
+ if (dctx->rfc5114_param) {
+ switch (dctx->rfc5114_param) {
+ case 1:
+ dh = DH_get_1024_160();
+ break;
+
+ case 2:
+ dh = DH_get_2048_224();
+ break;
+
+ case 3:
+ dh = DH_get_2048_256();
+ break;
+
+ default:
+ return -2;
+ }
+ EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh);
+ return 1;
+ }
+
+ if (ctx->pkey_gencb) {
+ pcb = &cb;
+ evp_pkey_set_cb_translate(pcb, ctx);
+ } else
+ pcb = NULL;
+#ifndef OPENSSL_NO_DSA
+ if (dctx->use_dsa) {
+ DSA *dsa_dh;
+ dsa_dh = dsa_dh_generate(dctx, pcb);
+ if (!dsa_dh)
+ return 0;
+ dh = DSA_dup_DH(dsa_dh);
+ DSA_free(dsa_dh);
+ if (!dh)
+ return 0;
+ EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh);
+ return 1;
+ }
+#endif
+ dh = DH_new();
+ if (!dh)
+ return 0;
+ ret = DH_generate_parameters_ex(dh,
+ dctx->prime_len, dctx->generator, pcb);
+
+ if (ret)
+ EVP_PKEY_assign_DH(pkey, dh);
+ else
+ DH_free(dh);
+ return ret;
+}
static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
- {
- DH *dh = NULL;
- if (ctx->pkey == NULL)
- {
- DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET);
- return 0;
- }
- dh = DH_new();
- if (!dh)
- return 0;
- EVP_PKEY_assign_DH(pkey, dh);
- /* Note: if error return, pkey is freed by parent routine */
- if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
- return 0;
- return DH_generate_key(pkey->pkey.dh);
- }
-
-static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
- {
- int ret;
- if (!ctx->pkey || !ctx->peerkey)
- {
- DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET);
- return 0;
- }
- ret = DH_compute_key(key, ctx->peerkey->pkey.dh->pub_key,
- ctx->pkey->pkey.dh);
- if (ret < 0)
- return ret;
- *keylen = ret;
- return 1;
- }
-
-const EVP_PKEY_METHOD dh_pkey_meth =
- {
- EVP_PKEY_DH,
- EVP_PKEY_FLAG_AUTOARGLEN,
- pkey_dh_init,
- pkey_dh_copy,
- pkey_dh_cleanup,
-
- 0,
- pkey_dh_paramgen,
-
- 0,
- pkey_dh_keygen,
-
- 0,
- 0,
-
- 0,
- 0,
-
- 0,0,
-
- 0,0,0,0,
-
- 0,0,
-
- 0,0,
-
- 0,
- pkey_dh_derive,
-
- pkey_dh_ctrl,
- pkey_dh_ctrl_str
-
- };
+{
+ DH *dh = NULL;
+ if (ctx->pkey == NULL) {
+ DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET);
+ return 0;
+ }
+ dh = DH_new();
+ if (!dh)
+ return 0;
+ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh);
+ /* Note: if error return, pkey is freed by parent routine */
+ if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
+ return 0;
+ return DH_generate_key(pkey->pkey.dh);
+}
+
+static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+ size_t *keylen)
+{
+ int ret;
+ DH *dh;
+ DH_PKEY_CTX *dctx = ctx->data;
+ BIGNUM *dhpub;
+ if (!ctx->pkey || !ctx->peerkey) {
+ DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET);
+ return 0;
+ }
+ dh = ctx->pkey->pkey.dh;
+ dhpub = ctx->peerkey->pkey.dh->pub_key;
+ if (dctx->kdf_type == EVP_PKEY_DH_KDF_NONE) {
+ if (key == NULL) {
+ *keylen = DH_size(dh);
+ return 1;
+ }
+ ret = DH_compute_key(key, dhpub, dh);
+ if (ret < 0)
+ return ret;
+ *keylen = ret;
+ return 1;
+ } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
+ unsigned char *Z = NULL;
+ size_t Zlen = 0;
+ if (!dctx->kdf_outlen || !dctx->kdf_oid)
+ return 0;
+ if (key == NULL) {
+ *keylen = dctx->kdf_outlen;
+ return 1;
+ }
+ if (*keylen != dctx->kdf_outlen)
+ return 0;
+ ret = 0;
+ Zlen = DH_size(dh);
+ Z = OPENSSL_malloc(Zlen);
+ if (DH_compute_key_padded(Z, dhpub, dh) <= 0)
+ goto err;
+ if (!DH_KDF_X9_42(key, *keylen, Z, Zlen, dctx->kdf_oid,
+ dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md))
+ goto err;
+ *keylen = dctx->kdf_outlen;
+ ret = 1;
+ err:
+ if (Z) {
+ OPENSSL_cleanse(Z, Zlen);
+ OPENSSL_free(Z);
+ }
+ return ret;
+ }
+ return 1;
+}
+
+const EVP_PKEY_METHOD dh_pkey_meth = {
+ EVP_PKEY_DH,
+ 0,
+ pkey_dh_init,
+ pkey_dh_copy,
+ pkey_dh_cleanup,
+
+ 0,
+ pkey_dh_paramgen,
+
+ 0,
+ pkey_dh_keygen,
+
+ 0,
+ 0,
+
+ 0,
+ 0,
+
+ 0, 0,
+
+ 0, 0, 0, 0,
+
+ 0, 0,
+
+ 0, 0,
+
+ 0,
+ pkey_dh_derive,
+
+ pkey_dh_ctrl,
+ pkey_dh_ctrl_str
+};
+
+const EVP_PKEY_METHOD dhx_pkey_meth = {
+ EVP_PKEY_DHX,
+ 0,
+ pkey_dh_init,
+ pkey_dh_copy,
+ pkey_dh_cleanup,
+
+ 0,
+ pkey_dh_paramgen,
+
+ 0,
+ pkey_dh_keygen,
+
+ 0,
+ 0,
+
+ 0,
+ 0,
+
+ 0, 0,
+
+ 0, 0, 0, 0,
+
+ 0, 0,
+
+ 0, 0,
+
+ 0,
+ pkey_dh_derive,
+
+ pkey_dh_ctrl,
+ pkey_dh_ctrl_str
+};
diff --git a/openssl/crypto/dh/dh_prn.c b/openssl/crypto/dh/dh_prn.c
index ae58c2ac8..5d6c3a37e 100644
--- a/openssl/crypto/dh/dh_prn.c
+++ b/openssl/crypto/dh/dh_prn.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -63,18 +63,17 @@
#ifndef OPENSSL_NO_FP_API
int DHparams_print_fp(FILE *fp, const DH *x)
- {
- BIO *b;
- int ret;
+{
+ BIO *b;
+ int ret;
- if ((b=BIO_new(BIO_s_file())) == NULL)
- {
- DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=DHparams_print(b, x);
- BIO_free(b);
- return(ret);
- }
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ DHerr(DH_F_DHPARAMS_PRINT_FP, ERR_R_BUF_LIB);
+ return (0);
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = DHparams_print(b, x);
+ BIO_free(b);
+ return (ret);
+}
#endif
diff --git a/openssl/crypto/dh/dh_rfc5114.c b/openssl/crypto/dh/dh_rfc5114.c
new file mode 100755
index 000000000..e96e2aa3f
--- /dev/null
+++ b/openssl/crypto/dh/dh_rfc5114.c
@@ -0,0 +1,285 @@
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2011.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+
+/* DH parameters from RFC5114 */
+
+#if BN_BITS2 == 64
+static const BN_ULONG dh1024_160_p[] = {
+ 0xDF1FB2BC2E4A4371ULL, 0xE68CFDA76D4DA708ULL, 0x45BF37DF365C1A65ULL,
+ 0xA151AF5F0DC8B4BDULL, 0xFAA31A4FF55BCCC0ULL, 0x4EFFD6FAE5644738ULL,
+ 0x98488E9C219A7372ULL, 0xACCBDD7D90C4BD70ULL, 0x24975C3CD49B83BFULL,
+ 0x13ECB4AEA9061123ULL, 0x9838EF1E2EE652C0ULL, 0x6073E28675A23D18ULL,
+ 0x9A6A9DCA52D23B61ULL, 0x52C99FBCFB06A3C6ULL, 0xDE92DE5EAE5D54ECULL,
+ 0xB10B8F96A080E01DULL
+};
+
+static const BN_ULONG dh1024_160_g[] = {
+ 0x855E6EEB22B3B2E5ULL, 0x858F4DCEF97C2A24ULL, 0x2D779D5918D08BC8ULL,
+ 0xD662A4D18E73AFA3ULL, 0x1DBF0A0169B6A28AULL, 0xA6A24C087A091F53ULL,
+ 0x909D0D2263F80A76ULL, 0xD7FBD7D3B9A92EE1ULL, 0x5E91547F9E2749F4ULL,
+ 0x160217B4B01B886AULL, 0x777E690F5504F213ULL, 0x266FEA1E5C41564BULL,
+ 0xD6406CFF14266D31ULL, 0xF8104DD258AC507FULL, 0x6765A442EFB99905ULL,
+ 0xA4D1CBD5C3FD3412ULL
+};
+
+static const BN_ULONG dh1024_160_q[] = {
+ 0x64B7CB9D49462353ULL, 0x81A8DF278ABA4E7DULL, 0x00000000F518AA87ULL
+};
+
+static const BN_ULONG dh2048_224_p[] = {
+ 0x0AC4DFFE0C10E64FULL, 0xCF9DE5384E71B81CULL, 0x7EF363E2FFA31F71ULL,
+ 0xE3FB73C16B8E75B9ULL, 0xC9B53DCF4BA80A29ULL, 0x23F10B0E16E79763ULL,
+ 0xC52172E413042E9BULL, 0xBE60E69CC928B2B9ULL, 0x80CD86A1B9E587E8ULL,
+ 0x315D75E198C641A4ULL, 0xCDF93ACC44328387ULL, 0x15987D9ADC0A486DULL,
+ 0x7310F7121FD5A074ULL, 0x278273C7DE31EFDCULL, 0x1602E714415D9330ULL,
+ 0x81286130BC8985DBULL, 0xB3BF8A3170918836ULL, 0x6A00E0A0B9C49708ULL,
+ 0xC6BA0B2C8BBC27BEULL, 0xC9F98D11ED34DBF6ULL, 0x7AD5B7D0B6C12207ULL,
+ 0xD91E8FEF55B7394BULL, 0x9037C9EDEFDA4DF8ULL, 0x6D3F8152AD6AC212ULL,
+ 0x1DE6B85A1274A0A6ULL, 0xEB3D688A309C180EULL, 0xAF9A3C407BA1DF15ULL,
+ 0xE6FA141DF95A56DBULL, 0xB54B1597B61D0A75ULL, 0xA20D64E5683B9FD1ULL,
+ 0xD660FAA79559C51FULL, 0xAD107E1E9123A9D0ULL
+};
+
+static const BN_ULONG dh2048_224_g[] = {
+ 0x84B890D3191F2BFAULL, 0x81BC087F2A7065B3ULL, 0x19C418E1F6EC0179ULL,
+ 0x7B5A0F1C71CFFF4CULL, 0xEDFE72FE9B6AA4BDULL, 0x81E1BCFE94B30269ULL,
+ 0x566AFBB48D6C0191ULL, 0xB539CCE3409D13CDULL, 0x6AA21E7F5F2FF381ULL,
+ 0xD9E263E4770589EFULL, 0x10E183EDD19963DDULL, 0xB70A8137150B8EEBULL,
+ 0x051AE3D428C8F8ACULL, 0xBB77A86F0C1AB15BULL, 0x6E3025E316A330EFULL,
+ 0x19529A45D6F83456ULL, 0xF180EB34118E98D1ULL, 0xB5F6C6B250717CBEULL,
+ 0x09939D54DA7460CDULL, 0xE247150422EA1ED4ULL, 0xB8A762D0521BC98AULL,
+ 0xF4D027275AC1348BULL, 0xC17669101999024AULL, 0xBE5E9001A8D66AD7ULL,
+ 0xC57DB17C620A8652ULL, 0xAB739D7700C29F52ULL, 0xDD921F01A70C4AFAULL,
+ 0xA6824A4E10B9A6F0ULL, 0x74866A08CFE4FFE3ULL, 0x6CDEBE7B89998CAFULL,
+ 0x9DF30B5C8FFDAC50ULL, 0xAC4032EF4F2D9AE3ULL
+};
+
+static const BN_ULONG dh2048_224_q[] = {
+ 0xBF389A99B36371EBULL, 0x1F80535A4738CEBCULL, 0xC58D93FE99717710ULL,
+ 0x00000000801C0D34ULL
+};
+
+static const BN_ULONG dh2048_256_p[] = {
+ 0xDB094AE91E1A1597ULL, 0x693877FAD7EF09CAULL, 0x6116D2276E11715FULL,
+ 0xA4B54330C198AF12ULL, 0x75F26375D7014103ULL, 0xC3A3960A54E710C3ULL,
+ 0xDED4010ABD0BE621ULL, 0xC0B857F689962856ULL, 0xB3CA3F7971506026ULL,
+ 0x1CCACB83E6B486F6ULL, 0x67E144E514056425ULL, 0xF6A167B5A41825D9ULL,
+ 0x3AD8347796524D8EULL, 0xF13C6D9A51BFA4ABULL, 0x2D52526735488A0EULL,
+ 0xB63ACAE1CAA6B790ULL, 0x4FDB70C581B23F76ULL, 0xBC39A0BF12307F5CULL,
+ 0xB941F54EB1E59BB8ULL, 0x6C5BFC11D45F9088ULL, 0x22E0B1EF4275BF7BULL,
+ 0x91F9E6725B4758C0ULL, 0x5A8A9D306BCF67EDULL, 0x209E0C6497517ABDULL,
+ 0x3BF4296D830E9A7CULL, 0x16C3D91134096FAAULL, 0xFAF7DF4561B2AA30ULL,
+ 0xE00DF8F1D61957D4ULL, 0x5D2CEED4435E3B00ULL, 0x8CEEF608660DD0F2ULL,
+ 0xFFBBD19C65195999ULL, 0x87A8E61DB4B6663CULL
+};
+
+static const BN_ULONG dh2048_256_g[] = {
+ 0x664B4C0F6CC41659ULL, 0x5E2327CFEF98C582ULL, 0xD647D148D4795451ULL,
+ 0x2F63078490F00EF8ULL, 0x184B523D1DB246C3ULL, 0xC7891428CDC67EB6ULL,
+ 0x7FD028370DF92B52ULL, 0xB3353BBB64E0EC37ULL, 0xECD06E1557CD0915ULL,
+ 0xB7D2BBD2DF016199ULL, 0xC8484B1E052588B9ULL, 0xDB2A3B7313D3FE14ULL,
+ 0xD052B985D182EA0AULL, 0xA4BD1BFFE83B9C80ULL, 0xDFC967C1FB3F2E55ULL,
+ 0xB5045AF2767164E1ULL, 0x1D14348F6F2F9193ULL, 0x64E67982428EBC83ULL,
+ 0x8AC376D282D6ED38ULL, 0x777DE62AAAB8A862ULL, 0xDDF463E5E9EC144BULL,
+ 0x0196F931C77A57F2ULL, 0xA55AE31341000A65ULL, 0x901228F8C28CBB18ULL,
+ 0xBC3773BF7E8C6F62ULL, 0xBE3A6C1B0C6B47B1ULL, 0xFF4FED4AAC0BB555ULL,
+ 0x10DBC15077BE463FULL, 0x07F4793A1A0BA125ULL, 0x4CA7B18F21EF2054ULL,
+ 0x2E77506660EDBD48ULL, 0x3FB32C9B73134D0BULL
+};
+
+static const BN_ULONG dh2048_256_q[] = {
+ 0xA308B0FE64F5FBD3ULL, 0x99B1A47D1EB3750BULL, 0xB447997640129DA2ULL,
+ 0x8CF83642A709A097ULL
+};
+
+#elif BN_BITS2 == 32
+
+static const BN_ULONG dh1024_160_p[] = {
+ 0x2E4A4371, 0xDF1FB2BC, 0x6D4DA708, 0xE68CFDA7, 0x365C1A65, 0x45BF37DF,
+ 0x0DC8B4BD, 0xA151AF5F, 0xF55BCCC0, 0xFAA31A4F, 0xE5644738, 0x4EFFD6FA,
+ 0x219A7372, 0x98488E9C, 0x90C4BD70, 0xACCBDD7D, 0xD49B83BF, 0x24975C3C,
+ 0xA9061123, 0x13ECB4AE, 0x2EE652C0, 0x9838EF1E, 0x75A23D18, 0x6073E286,
+ 0x52D23B61, 0x9A6A9DCA, 0xFB06A3C6, 0x52C99FBC, 0xAE5D54EC, 0xDE92DE5E,
+ 0xA080E01D, 0xB10B8F96
+};
+
+static const BN_ULONG dh1024_160_g[] = {
+ 0x22B3B2E5, 0x855E6EEB, 0xF97C2A24, 0x858F4DCE, 0x18D08BC8, 0x2D779D59,
+ 0x8E73AFA3, 0xD662A4D1, 0x69B6A28A, 0x1DBF0A01, 0x7A091F53, 0xA6A24C08,
+ 0x63F80A76, 0x909D0D22, 0xB9A92EE1, 0xD7FBD7D3, 0x9E2749F4, 0x5E91547F,
+ 0xB01B886A, 0x160217B4, 0x5504F213, 0x777E690F, 0x5C41564B, 0x266FEA1E,
+ 0x14266D31, 0xD6406CFF, 0x58AC507F, 0xF8104DD2, 0xEFB99905, 0x6765A442,
+ 0xC3FD3412, 0xA4D1CBD5
+};
+
+static const BN_ULONG dh1024_160_q[] = {
+ 0x49462353, 0x64B7CB9D, 0x8ABA4E7D, 0x81A8DF27, 0xF518AA87
+};
+
+static const BN_ULONG dh2048_224_p[] = {
+ 0x0C10E64F, 0x0AC4DFFE, 0x4E71B81C, 0xCF9DE538, 0xFFA31F71, 0x7EF363E2,
+ 0x6B8E75B9, 0xE3FB73C1, 0x4BA80A29, 0xC9B53DCF, 0x16E79763, 0x23F10B0E,
+ 0x13042E9B, 0xC52172E4, 0xC928B2B9, 0xBE60E69C, 0xB9E587E8, 0x80CD86A1,
+ 0x98C641A4, 0x315D75E1, 0x44328387, 0xCDF93ACC, 0xDC0A486D, 0x15987D9A,
+ 0x1FD5A074, 0x7310F712, 0xDE31EFDC, 0x278273C7, 0x415D9330, 0x1602E714,
+ 0xBC8985DB, 0x81286130, 0x70918836, 0xB3BF8A31, 0xB9C49708, 0x6A00E0A0,
+ 0x8BBC27BE, 0xC6BA0B2C, 0xED34DBF6, 0xC9F98D11, 0xB6C12207, 0x7AD5B7D0,
+ 0x55B7394B, 0xD91E8FEF, 0xEFDA4DF8, 0x9037C9ED, 0xAD6AC212, 0x6D3F8152,
+ 0x1274A0A6, 0x1DE6B85A, 0x309C180E, 0xEB3D688A, 0x7BA1DF15, 0xAF9A3C40,
+ 0xF95A56DB, 0xE6FA141D, 0xB61D0A75, 0xB54B1597, 0x683B9FD1, 0xA20D64E5,
+ 0x9559C51F, 0xD660FAA7, 0x9123A9D0, 0xAD107E1E
+};
+
+static const BN_ULONG dh2048_224_g[] = {
+ 0x191F2BFA, 0x84B890D3, 0x2A7065B3, 0x81BC087F, 0xF6EC0179, 0x19C418E1,
+ 0x71CFFF4C, 0x7B5A0F1C, 0x9B6AA4BD, 0xEDFE72FE, 0x94B30269, 0x81E1BCFE,
+ 0x8D6C0191, 0x566AFBB4, 0x409D13CD, 0xB539CCE3, 0x5F2FF381, 0x6AA21E7F,
+ 0x770589EF, 0xD9E263E4, 0xD19963DD, 0x10E183ED, 0x150B8EEB, 0xB70A8137,
+ 0x28C8F8AC, 0x051AE3D4, 0x0C1AB15B, 0xBB77A86F, 0x16A330EF, 0x6E3025E3,
+ 0xD6F83456, 0x19529A45, 0x118E98D1, 0xF180EB34, 0x50717CBE, 0xB5F6C6B2,
+ 0xDA7460CD, 0x09939D54, 0x22EA1ED4, 0xE2471504, 0x521BC98A, 0xB8A762D0,
+ 0x5AC1348B, 0xF4D02727, 0x1999024A, 0xC1766910, 0xA8D66AD7, 0xBE5E9001,
+ 0x620A8652, 0xC57DB17C, 0x00C29F52, 0xAB739D77, 0xA70C4AFA, 0xDD921F01,
+ 0x10B9A6F0, 0xA6824A4E, 0xCFE4FFE3, 0x74866A08, 0x89998CAF, 0x6CDEBE7B,
+ 0x8FFDAC50, 0x9DF30B5C, 0x4F2D9AE3, 0xAC4032EF
+};
+
+static const BN_ULONG dh2048_224_q[] = {
+ 0xB36371EB, 0xBF389A99, 0x4738CEBC, 0x1F80535A, 0x99717710, 0xC58D93FE,
+ 0x801C0D34
+};
+
+static const BN_ULONG dh2048_256_p[] = {
+ 0x1E1A1597, 0xDB094AE9, 0xD7EF09CA, 0x693877FA, 0x6E11715F, 0x6116D227,
+ 0xC198AF12, 0xA4B54330, 0xD7014103, 0x75F26375, 0x54E710C3, 0xC3A3960A,
+ 0xBD0BE621, 0xDED4010A, 0x89962856, 0xC0B857F6, 0x71506026, 0xB3CA3F79,
+ 0xE6B486F6, 0x1CCACB83, 0x14056425, 0x67E144E5, 0xA41825D9, 0xF6A167B5,
+ 0x96524D8E, 0x3AD83477, 0x51BFA4AB, 0xF13C6D9A, 0x35488A0E, 0x2D525267,
+ 0xCAA6B790, 0xB63ACAE1, 0x81B23F76, 0x4FDB70C5, 0x12307F5C, 0xBC39A0BF,
+ 0xB1E59BB8, 0xB941F54E, 0xD45F9088, 0x6C5BFC11, 0x4275BF7B, 0x22E0B1EF,
+ 0x5B4758C0, 0x91F9E672, 0x6BCF67ED, 0x5A8A9D30, 0x97517ABD, 0x209E0C64,
+ 0x830E9A7C, 0x3BF4296D, 0x34096FAA, 0x16C3D911, 0x61B2AA30, 0xFAF7DF45,
+ 0xD61957D4, 0xE00DF8F1, 0x435E3B00, 0x5D2CEED4, 0x660DD0F2, 0x8CEEF608,
+ 0x65195999, 0xFFBBD19C, 0xB4B6663C, 0x87A8E61D
+};
+
+static const BN_ULONG dh2048_256_g[] = {
+ 0x6CC41659, 0x664B4C0F, 0xEF98C582, 0x5E2327CF, 0xD4795451, 0xD647D148,
+ 0x90F00EF8, 0x2F630784, 0x1DB246C3, 0x184B523D, 0xCDC67EB6, 0xC7891428,
+ 0x0DF92B52, 0x7FD02837, 0x64E0EC37, 0xB3353BBB, 0x57CD0915, 0xECD06E15,
+ 0xDF016199, 0xB7D2BBD2, 0x052588B9, 0xC8484B1E, 0x13D3FE14, 0xDB2A3B73,
+ 0xD182EA0A, 0xD052B985, 0xE83B9C80, 0xA4BD1BFF, 0xFB3F2E55, 0xDFC967C1,
+ 0x767164E1, 0xB5045AF2, 0x6F2F9193, 0x1D14348F, 0x428EBC83, 0x64E67982,
+ 0x82D6ED38, 0x8AC376D2, 0xAAB8A862, 0x777DE62A, 0xE9EC144B, 0xDDF463E5,
+ 0xC77A57F2, 0x0196F931, 0x41000A65, 0xA55AE313, 0xC28CBB18, 0x901228F8,
+ 0x7E8C6F62, 0xBC3773BF, 0x0C6B47B1, 0xBE3A6C1B, 0xAC0BB555, 0xFF4FED4A,
+ 0x77BE463F, 0x10DBC150, 0x1A0BA125, 0x07F4793A, 0x21EF2054, 0x4CA7B18F,
+ 0x60EDBD48, 0x2E775066, 0x73134D0B, 0x3FB32C9B
+};
+
+static const BN_ULONG dh2048_256_q[] = {
+ 0x64F5FBD3, 0xA308B0FE, 0x1EB3750B, 0x99B1A47D, 0x40129DA2, 0xB4479976,
+ 0xA709A097, 0x8CF83642
+};
+
+#else
+# error "unsupported BN_BITS2"
+#endif
+
+/* Macro to make a BIGNUM from static data */
+
+#define make_dh_bn(x) static const BIGNUM _bignum_##x = { (BN_ULONG *) x, \
+ sizeof(x)/sizeof(BN_ULONG),\
+ sizeof(x)/sizeof(BN_ULONG),\
+ 0, BN_FLG_STATIC_DATA }
+
+/*
+ * Macro to make a DH structure from BIGNUM data. NB: although just copying
+ * the BIGNUM static pointers would be more efficient we can't as they get
+ * wiped using BN_clear_free() when DH_free() is called.
+ */
+
+#define make_dh(x) \
+DH * DH_get_##x(void) \
+ { \
+ DH *dh; \
+ make_dh_bn(dh##x##_p); \
+ make_dh_bn(dh##x##_q); \
+ make_dh_bn(dh##x##_g); \
+ dh = DH_new(); \
+ if (!dh) \
+ return NULL; \
+ dh->p = BN_dup(&_bignum_dh##x##_p); \
+ dh->g = BN_dup(&_bignum_dh##x##_g); \
+ dh->q = BN_dup(&_bignum_dh##x##_q); \
+ if (!dh->p || !dh->q || !dh->g) \
+ { \
+ DH_free(dh); \
+ return NULL; \
+ } \
+ return dh; \
+ }
+
+make_dh(1024_160)
+make_dh(2048_224)
+make_dh(2048_256)
diff --git a/openssl/crypto/dh/dhtest.c b/openssl/crypto/dh/dhtest.c
index 882f5c310..c9dd76bc7 100644
--- a/openssl/crypto/dh/dhtest.c
+++ b/openssl/crypto/dh/dhtest.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,17 +49,19 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
+/*
+ * Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code
+ */
#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
+# undef OPENSSL_NO_DEPRECATED
#endif
#include <stdio.h>
@@ -78,149 +80,485 @@
int main(int argc, char *argv[])
{
printf("No DH support\n");
- return(0);
+ return (0);
}
#else
-#include <openssl/dh.h>
+# include <openssl/dh.h>
-#ifdef OPENSSL_SYS_WIN16
-#define MS_CALLBACK _far _loadds
-#else
-#define MS_CALLBACK
-#endif
+# ifdef OPENSSL_SYS_WIN16
+# define MS_CALLBACK _far _loadds
+# else
+# define MS_CALLBACK
+# endif
static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg);
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+static const char rnd_seed[] =
+ "string to make the random number generator think it has entropy";
+
+static int run_rfc5114_tests(void);
int main(int argc, char *argv[])
- {
- BN_GENCB _cb;
- DH *a;
- DH *b=NULL;
- char buf[12];
- unsigned char *abuf=NULL,*bbuf=NULL;
- int i,alen,blen,aout,bout,ret=1;
- BIO *out;
-
- CRYPTO_malloc_debug_init();
- CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-#ifdef OPENSSL_SYS_WIN32
- CRYPTO_malloc_init();
-#endif
+{
+ BN_GENCB _cb;
+ DH *a;
+ DH *b = NULL;
+ char buf[12];
+ unsigned char *abuf = NULL, *bbuf = NULL;
+ int i, alen, blen, aout, bout, ret = 1;
+ BIO *out;
- RAND_seed(rnd_seed, sizeof rnd_seed);
-
- out=BIO_new(BIO_s_file());
- if (out == NULL) EXIT(1);
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-
- BN_GENCB_set(&_cb, &cb, out);
- if(((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64,
- DH_GENERATOR_5, &_cb))
- goto err;
-
- if (!DH_check(a, &i)) goto err;
- if (i & DH_CHECK_P_NOT_PRIME)
- BIO_puts(out, "p value is not prime\n");
- if (i & DH_CHECK_P_NOT_SAFE_PRIME)
- BIO_puts(out, "p value is not a safe prime\n");
- if (i & DH_UNABLE_TO_CHECK_GENERATOR)
- BIO_puts(out, "unable to check the generator value\n");
- if (i & DH_NOT_SUITABLE_GENERATOR)
- BIO_puts(out, "the g value is not a generator\n");
-
- BIO_puts(out,"\np =");
- BN_print(out,a->p);
- BIO_puts(out,"\ng =");
- BN_print(out,a->g);
- BIO_puts(out,"\n");
-
- b=DH_new();
- if (b == NULL) goto err;
-
- b->p=BN_dup(a->p);
- b->g=BN_dup(a->g);
- if ((b->p == NULL) || (b->g == NULL)) goto err;
-
- /* Set a to run with normal modexp and b to use constant time */
- a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
- b->flags |= DH_FLAG_NO_EXP_CONSTTIME;
-
- if (!DH_generate_key(a)) goto err;
- BIO_puts(out,"pri 1=");
- BN_print(out,a->priv_key);
- BIO_puts(out,"\npub 1=");
- BN_print(out,a->pub_key);
- BIO_puts(out,"\n");
-
- if (!DH_generate_key(b)) goto err;
- BIO_puts(out,"pri 2=");
- BN_print(out,b->priv_key);
- BIO_puts(out,"\npub 2=");
- BN_print(out,b->pub_key);
- BIO_puts(out,"\n");
-
- alen=DH_size(a);
- abuf=(unsigned char *)OPENSSL_malloc(alen);
- aout=DH_compute_key(abuf,b->pub_key,a);
-
- BIO_puts(out,"key1 =");
- for (i=0; i<aout; i++)
- {
- sprintf(buf,"%02X",abuf[i]);
- BIO_puts(out,buf);
- }
- BIO_puts(out,"\n");
-
- blen=DH_size(b);
- bbuf=(unsigned char *)OPENSSL_malloc(blen);
- bout=DH_compute_key(bbuf,a->pub_key,b);
-
- BIO_puts(out,"key2 =");
- for (i=0; i<bout; i++)
- {
- sprintf(buf,"%02X",bbuf[i]);
- BIO_puts(out,buf);
- }
- BIO_puts(out,"\n");
- if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
- {
- fprintf(stderr,"Error in DH routines\n");
- ret=1;
- }
- else
- ret=0;
-err:
- ERR_print_errors_fp(stderr);
-
- if (abuf != NULL) OPENSSL_free(abuf);
- if (bbuf != NULL) OPENSSL_free(bbuf);
- if(b != NULL) DH_free(b);
- if(a != NULL) DH_free(a);
- BIO_free(out);
-#ifdef OPENSSL_SYS_NETWARE
- if (ret) printf("ERROR: %d\n", ret);
-#endif
- EXIT(ret);
- return(ret);
- }
+ CRYPTO_malloc_debug_init();
+ CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+# ifdef OPENSSL_SYS_WIN32
+ CRYPTO_malloc_init();
+# endif
+
+ RAND_seed(rnd_seed, sizeof rnd_seed);
+
+ out = BIO_new(BIO_s_file());
+ if (out == NULL)
+ EXIT(1);
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+
+ BN_GENCB_set(&_cb, &cb, out);
+ if (((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64,
+ DH_GENERATOR_5,
+ &_cb))
+ goto err;
+
+ if (!DH_check(a, &i))
+ goto err;
+ if (i & DH_CHECK_P_NOT_PRIME)
+ BIO_puts(out, "p value is not prime\n");
+ if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+ BIO_puts(out, "p value is not a safe prime\n");
+ if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+ BIO_puts(out, "unable to check the generator value\n");
+ if (i & DH_NOT_SUITABLE_GENERATOR)
+ BIO_puts(out, "the g value is not a generator\n");
+
+ BIO_puts(out, "\np =");
+ BN_print(out, a->p);
+ BIO_puts(out, "\ng =");
+ BN_print(out, a->g);
+ BIO_puts(out, "\n");
+
+ b = DH_new();
+ if (b == NULL)
+ goto err;
+
+ b->p = BN_dup(a->p);
+ b->g = BN_dup(a->g);
+ if ((b->p == NULL) || (b->g == NULL))
+ goto err;
+
+ /* Set a to run with normal modexp and b to use constant time */
+ a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
+ b->flags |= DH_FLAG_NO_EXP_CONSTTIME;
+
+ if (!DH_generate_key(a))
+ goto err;
+ BIO_puts(out, "pri 1=");
+ BN_print(out, a->priv_key);
+ BIO_puts(out, "\npub 1=");
+ BN_print(out, a->pub_key);
+ BIO_puts(out, "\n");
+
+ if (!DH_generate_key(b))
+ goto err;
+ BIO_puts(out, "pri 2=");
+ BN_print(out, b->priv_key);
+ BIO_puts(out, "\npub 2=");
+ BN_print(out, b->pub_key);
+ BIO_puts(out, "\n");
+
+ alen = DH_size(a);
+ abuf = (unsigned char *)OPENSSL_malloc(alen);
+ aout = DH_compute_key(abuf, b->pub_key, a);
+
+ BIO_puts(out, "key1 =");
+ for (i = 0; i < aout; i++) {
+ sprintf(buf, "%02X", abuf[i]);
+ BIO_puts(out, buf);
+ }
+ BIO_puts(out, "\n");
+
+ blen = DH_size(b);
+ bbuf = (unsigned char *)OPENSSL_malloc(blen);
+ bout = DH_compute_key(bbuf, a->pub_key, b);
+
+ BIO_puts(out, "key2 =");
+ for (i = 0; i < bout; i++) {
+ sprintf(buf, "%02X", bbuf[i]);
+ BIO_puts(out, buf);
+ }
+ BIO_puts(out, "\n");
+ if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) {
+ fprintf(stderr, "Error in DH routines\n");
+ ret = 1;
+ } else
+ ret = 0;
+ if (!run_rfc5114_tests())
+ ret = 1;
+ err:
+ ERR_print_errors_fp(stderr);
+
+ if (abuf != NULL)
+ OPENSSL_free(abuf);
+ if (bbuf != NULL)
+ OPENSSL_free(bbuf);
+ if (b != NULL)
+ DH_free(b);
+ if (a != NULL)
+ DH_free(a);
+ BIO_free(out);
+# ifdef OPENSSL_SYS_NETWARE
+ if (ret)
+ printf("ERROR: %d\n", ret);
+# endif
+ EXIT(ret);
+ return (ret);
+}
static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg)
- {
- char c='*';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- BIO_write(arg->arg,&c,1);
- (void)BIO_flush(arg->arg);
-#ifdef LINT
- p=n;
-#endif
- return 1;
- }
+{
+ char c = '*';
+
+ if (p == 0)
+ c = '.';
+ if (p == 1)
+ c = '+';
+ if (p == 2)
+ c = '*';
+ if (p == 3)
+ c = '\n';
+ BIO_write(arg->arg, &c, 1);
+ (void)BIO_flush(arg->arg);
+# ifdef LINT
+ p = n;
+# endif
+ return 1;
+}
+
+/* Test data from RFC 5114 */
+
+static const unsigned char dhtest_1024_160_xA[] = {
+ 0xB9, 0xA3, 0xB3, 0xAE, 0x8F, 0xEF, 0xC1, 0xA2, 0x93, 0x04, 0x96, 0x50,
+ 0x70, 0x86, 0xF8, 0x45, 0x5D, 0x48, 0x94, 0x3E
+};
+
+static const unsigned char dhtest_1024_160_yA[] = {
+ 0x2A, 0x85, 0x3B, 0x3D, 0x92, 0x19, 0x75, 0x01, 0xB9, 0x01, 0x5B, 0x2D,
+ 0xEB, 0x3E, 0xD8, 0x4F, 0x5E, 0x02, 0x1D, 0xCC, 0x3E, 0x52, 0xF1, 0x09,
+ 0xD3, 0x27, 0x3D, 0x2B, 0x75, 0x21, 0x28, 0x1C, 0xBA, 0xBE, 0x0E, 0x76,
+ 0xFF, 0x57, 0x27, 0xFA, 0x8A, 0xCC, 0xE2, 0x69, 0x56, 0xBA, 0x9A, 0x1F,
+ 0xCA, 0x26, 0xF2, 0x02, 0x28, 0xD8, 0x69, 0x3F, 0xEB, 0x10, 0x84, 0x1D,
+ 0x84, 0xA7, 0x36, 0x00, 0x54, 0xEC, 0xE5, 0xA7, 0xF5, 0xB7, 0xA6, 0x1A,
+ 0xD3, 0xDF, 0xB3, 0xC6, 0x0D, 0x2E, 0x43, 0x10, 0x6D, 0x87, 0x27, 0xDA,
+ 0x37, 0xDF, 0x9C, 0xCE, 0x95, 0xB4, 0x78, 0x75, 0x5D, 0x06, 0xBC, 0xEA,
+ 0x8F, 0x9D, 0x45, 0x96, 0x5F, 0x75, 0xA5, 0xF3, 0xD1, 0xDF, 0x37, 0x01,
+ 0x16, 0x5F, 0xC9, 0xE5, 0x0C, 0x42, 0x79, 0xCE, 0xB0, 0x7F, 0x98, 0x95,
+ 0x40, 0xAE, 0x96, 0xD5, 0xD8, 0x8E, 0xD7, 0x76
+};
+
+static const unsigned char dhtest_1024_160_xB[] = {
+ 0x93, 0x92, 0xC9, 0xF9, 0xEB, 0x6A, 0x7A, 0x6A, 0x90, 0x22, 0xF7, 0xD8,
+ 0x3E, 0x72, 0x23, 0xC6, 0x83, 0x5B, 0xBD, 0xDA
+};
+
+static const unsigned char dhtest_1024_160_yB[] = {
+ 0x71, 0x7A, 0x6C, 0xB0, 0x53, 0x37, 0x1F, 0xF4, 0xA3, 0xB9, 0x32, 0x94,
+ 0x1C, 0x1E, 0x56, 0x63, 0xF8, 0x61, 0xA1, 0xD6, 0xAD, 0x34, 0xAE, 0x66,
+ 0x57, 0x6D, 0xFB, 0x98, 0xF6, 0xC6, 0xCB, 0xF9, 0xDD, 0xD5, 0xA5, 0x6C,
+ 0x78, 0x33, 0xF6, 0xBC, 0xFD, 0xFF, 0x09, 0x55, 0x82, 0xAD, 0x86, 0x8E,
+ 0x44, 0x0E, 0x8D, 0x09, 0xFD, 0x76, 0x9E, 0x3C, 0xEC, 0xCD, 0xC3, 0xD3,
+ 0xB1, 0xE4, 0xCF, 0xA0, 0x57, 0x77, 0x6C, 0xAA, 0xF9, 0x73, 0x9B, 0x6A,
+ 0x9F, 0xEE, 0x8E, 0x74, 0x11, 0xF8, 0xD6, 0xDA, 0xC0, 0x9D, 0x6A, 0x4E,
+ 0xDB, 0x46, 0xCC, 0x2B, 0x5D, 0x52, 0x03, 0x09, 0x0E, 0xAE, 0x61, 0x26,
+ 0x31, 0x1E, 0x53, 0xFD, 0x2C, 0x14, 0xB5, 0x74, 0xE6, 0xA3, 0x10, 0x9A,
+ 0x3D, 0xA1, 0xBE, 0x41, 0xBD, 0xCE, 0xAA, 0x18, 0x6F, 0x5C, 0xE0, 0x67,
+ 0x16, 0xA2, 0xB6, 0xA0, 0x7B, 0x3C, 0x33, 0xFE
+};
+
+static const unsigned char dhtest_1024_160_Z[] = {
+ 0x5C, 0x80, 0x4F, 0x45, 0x4D, 0x30, 0xD9, 0xC4, 0xDF, 0x85, 0x27, 0x1F,
+ 0x93, 0x52, 0x8C, 0x91, 0xDF, 0x6B, 0x48, 0xAB, 0x5F, 0x80, 0xB3, 0xB5,
+ 0x9C, 0xAA, 0xC1, 0xB2, 0x8F, 0x8A, 0xCB, 0xA9, 0xCD, 0x3E, 0x39, 0xF3,
+ 0xCB, 0x61, 0x45, 0x25, 0xD9, 0x52, 0x1D, 0x2E, 0x64, 0x4C, 0x53, 0xB8,
+ 0x07, 0xB8, 0x10, 0xF3, 0x40, 0x06, 0x2F, 0x25, 0x7D, 0x7D, 0x6F, 0xBF,
+ 0xE8, 0xD5, 0xE8, 0xF0, 0x72, 0xE9, 0xB6, 0xE9, 0xAF, 0xDA, 0x94, 0x13,
+ 0xEA, 0xFB, 0x2E, 0x8B, 0x06, 0x99, 0xB1, 0xFB, 0x5A, 0x0C, 0xAC, 0xED,
+ 0xDE, 0xAE, 0xAD, 0x7E, 0x9C, 0xFB, 0xB3, 0x6A, 0xE2, 0xB4, 0x20, 0x83,
+ 0x5B, 0xD8, 0x3A, 0x19, 0xFB, 0x0B, 0x5E, 0x96, 0xBF, 0x8F, 0xA4, 0xD0,
+ 0x9E, 0x34, 0x55, 0x25, 0x16, 0x7E, 0xCD, 0x91, 0x55, 0x41, 0x6F, 0x46,
+ 0xF4, 0x08, 0xED, 0x31, 0xB6, 0x3C, 0x6E, 0x6D
+};
+
+static const unsigned char dhtest_2048_224_xA[] = {
+ 0x22, 0xE6, 0x26, 0x01, 0xDB, 0xFF, 0xD0, 0x67, 0x08, 0xA6, 0x80, 0xF7,
+ 0x47, 0xF3, 0x61, 0xF7, 0x6D, 0x8F, 0x4F, 0x72, 0x1A, 0x05, 0x48, 0xE4,
+ 0x83, 0x29, 0x4B, 0x0C
+};
+
+static const unsigned char dhtest_2048_224_yA[] = {
+ 0x1B, 0x3A, 0x63, 0x45, 0x1B, 0xD8, 0x86, 0xE6, 0x99, 0xE6, 0x7B, 0x49,
+ 0x4E, 0x28, 0x8B, 0xD7, 0xF8, 0xE0, 0xD3, 0x70, 0xBA, 0xDD, 0xA7, 0xA0,
+ 0xEF, 0xD2, 0xFD, 0xE7, 0xD8, 0xF6, 0x61, 0x45, 0xCC, 0x9F, 0x28, 0x04,
+ 0x19, 0x97, 0x5E, 0xB8, 0x08, 0x87, 0x7C, 0x8A, 0x4C, 0x0C, 0x8E, 0x0B,
+ 0xD4, 0x8D, 0x4A, 0x54, 0x01, 0xEB, 0x1E, 0x87, 0x76, 0xBF, 0xEE, 0xE1,
+ 0x34, 0xC0, 0x38, 0x31, 0xAC, 0x27, 0x3C, 0xD9, 0xD6, 0x35, 0xAB, 0x0C,
+ 0xE0, 0x06, 0xA4, 0x2A, 0x88, 0x7E, 0x3F, 0x52, 0xFB, 0x87, 0x66, 0xB6,
+ 0x50, 0xF3, 0x80, 0x78, 0xBC, 0x8E, 0xE8, 0x58, 0x0C, 0xEF, 0xE2, 0x43,
+ 0x96, 0x8C, 0xFC, 0x4F, 0x8D, 0xC3, 0xDB, 0x08, 0x45, 0x54, 0x17, 0x1D,
+ 0x41, 0xBF, 0x2E, 0x86, 0x1B, 0x7B, 0xB4, 0xD6, 0x9D, 0xD0, 0xE0, 0x1E,
+ 0xA3, 0x87, 0xCB, 0xAA, 0x5C, 0xA6, 0x72, 0xAF, 0xCB, 0xE8, 0xBD, 0xB9,
+ 0xD6, 0x2D, 0x4C, 0xE1, 0x5F, 0x17, 0xDD, 0x36, 0xF9, 0x1E, 0xD1, 0xEE,
+ 0xDD, 0x65, 0xCA, 0x4A, 0x06, 0x45, 0x5C, 0xB9, 0x4C, 0xD4, 0x0A, 0x52,
+ 0xEC, 0x36, 0x0E, 0x84, 0xB3, 0xC9, 0x26, 0xE2, 0x2C, 0x43, 0x80, 0xA3,
+ 0xBF, 0x30, 0x9D, 0x56, 0x84, 0x97, 0x68, 0xB7, 0xF5, 0x2C, 0xFD, 0xF6,
+ 0x55, 0xFD, 0x05, 0x3A, 0x7E, 0xF7, 0x06, 0x97, 0x9E, 0x7E, 0x58, 0x06,
+ 0xB1, 0x7D, 0xFA, 0xE5, 0x3A, 0xD2, 0xA5, 0xBC, 0x56, 0x8E, 0xBB, 0x52,
+ 0x9A, 0x7A, 0x61, 0xD6, 0x8D, 0x25, 0x6F, 0x8F, 0xC9, 0x7C, 0x07, 0x4A,
+ 0x86, 0x1D, 0x82, 0x7E, 0x2E, 0xBC, 0x8C, 0x61, 0x34, 0x55, 0x31, 0x15,
+ 0xB7, 0x0E, 0x71, 0x03, 0x92, 0x0A, 0xA1, 0x6D, 0x85, 0xE5, 0x2B, 0xCB,
+ 0xAB, 0x8D, 0x78, 0x6A, 0x68, 0x17, 0x8F, 0xA8, 0xFF, 0x7C, 0x2F, 0x5C,
+ 0x71, 0x64, 0x8D, 0x6F
+};
+
+static const unsigned char dhtest_2048_224_xB[] = {
+ 0x4F, 0xF3, 0xBC, 0x96, 0xC7, 0xFC, 0x6A, 0x6D, 0x71, 0xD3, 0xB3, 0x63,
+ 0x80, 0x0A, 0x7C, 0xDF, 0xEF, 0x6F, 0xC4, 0x1B, 0x44, 0x17, 0xEA, 0x15,
+ 0x35, 0x3B, 0x75, 0x90
+};
+
+static const unsigned char dhtest_2048_224_yB[] = {
+ 0x4D, 0xCE, 0xE9, 0x92, 0xA9, 0x76, 0x2A, 0x13, 0xF2, 0xF8, 0x38, 0x44,
+ 0xAD, 0x3D, 0x77, 0xEE, 0x0E, 0x31, 0xC9, 0x71, 0x8B, 0x3D, 0xB6, 0xC2,
+ 0x03, 0x5D, 0x39, 0x61, 0x18, 0x2C, 0x3E, 0x0B, 0xA2, 0x47, 0xEC, 0x41,
+ 0x82, 0xD7, 0x60, 0xCD, 0x48, 0xD9, 0x95, 0x99, 0x97, 0x06, 0x22, 0xA1,
+ 0x88, 0x1B, 0xBA, 0x2D, 0xC8, 0x22, 0x93, 0x9C, 0x78, 0xC3, 0x91, 0x2C,
+ 0x66, 0x61, 0xFA, 0x54, 0x38, 0xB2, 0x07, 0x66, 0x22, 0x2B, 0x75, 0xE2,
+ 0x4C, 0x2E, 0x3A, 0xD0, 0xC7, 0x28, 0x72, 0x36, 0x12, 0x95, 0x25, 0xEE,
+ 0x15, 0xB5, 0xDD, 0x79, 0x98, 0xAA, 0x04, 0xC4, 0xA9, 0x69, 0x6C, 0xAC,
+ 0xD7, 0x17, 0x20, 0x83, 0xA9, 0x7A, 0x81, 0x66, 0x4E, 0xAD, 0x2C, 0x47,
+ 0x9E, 0x44, 0x4E, 0x4C, 0x06, 0x54, 0xCC, 0x19, 0xE2, 0x8D, 0x77, 0x03,
+ 0xCE, 0xE8, 0xDA, 0xCD, 0x61, 0x26, 0xF5, 0xD6, 0x65, 0xEC, 0x52, 0xC6,
+ 0x72, 0x55, 0xDB, 0x92, 0x01, 0x4B, 0x03, 0x7E, 0xB6, 0x21, 0xA2, 0xAC,
+ 0x8E, 0x36, 0x5D, 0xE0, 0x71, 0xFF, 0xC1, 0x40, 0x0A, 0xCF, 0x07, 0x7A,
+ 0x12, 0x91, 0x3D, 0xD8, 0xDE, 0x89, 0x47, 0x34, 0x37, 0xAB, 0x7B, 0xA3,
+ 0x46, 0x74, 0x3C, 0x1B, 0x21, 0x5D, 0xD9, 0xC1, 0x21, 0x64, 0xA7, 0xE4,
+ 0x05, 0x31, 0x18, 0xD1, 0x99, 0xBE, 0xC8, 0xEF, 0x6F, 0xC5, 0x61, 0x17,
+ 0x0C, 0x84, 0xC8, 0x7D, 0x10, 0xEE, 0x9A, 0x67, 0x4A, 0x1F, 0xA8, 0xFF,
+ 0xE1, 0x3B, 0xDF, 0xBA, 0x1D, 0x44, 0xDE, 0x48, 0x94, 0x6D, 0x68, 0xDC,
+ 0x0C, 0xDD, 0x77, 0x76, 0x35, 0xA7, 0xAB, 0x5B, 0xFB, 0x1E, 0x4B, 0xB7,
+ 0xB8, 0x56, 0xF9, 0x68, 0x27, 0x73, 0x4C, 0x18, 0x41, 0x38, 0xE9, 0x15,
+ 0xD9, 0xC3, 0x00, 0x2E, 0xBC, 0xE5, 0x31, 0x20, 0x54, 0x6A, 0x7E, 0x20,
+ 0x02, 0x14, 0x2B, 0x6C
+};
+
+static const unsigned char dhtest_2048_224_Z[] = {
+ 0x34, 0xD9, 0xBD, 0xDC, 0x1B, 0x42, 0x17, 0x6C, 0x31, 0x3F, 0xEA, 0x03,
+ 0x4C, 0x21, 0x03, 0x4D, 0x07, 0x4A, 0x63, 0x13, 0xBB, 0x4E, 0xCD, 0xB3,
+ 0x70, 0x3F, 0xFF, 0x42, 0x45, 0x67, 0xA4, 0x6B, 0xDF, 0x75, 0x53, 0x0E,
+ 0xDE, 0x0A, 0x9D, 0xA5, 0x22, 0x9D, 0xE7, 0xD7, 0x67, 0x32, 0x28, 0x6C,
+ 0xBC, 0x0F, 0x91, 0xDA, 0x4C, 0x3C, 0x85, 0x2F, 0xC0, 0x99, 0xC6, 0x79,
+ 0x53, 0x1D, 0x94, 0xC7, 0x8A, 0xB0, 0x3D, 0x9D, 0xEC, 0xB0, 0xA4, 0xE4,
+ 0xCA, 0x8B, 0x2B, 0xB4, 0x59, 0x1C, 0x40, 0x21, 0xCF, 0x8C, 0xE3, 0xA2,
+ 0x0A, 0x54, 0x1D, 0x33, 0x99, 0x40, 0x17, 0xD0, 0x20, 0x0A, 0xE2, 0xC9,
+ 0x51, 0x6E, 0x2F, 0xF5, 0x14, 0x57, 0x79, 0x26, 0x9E, 0x86, 0x2B, 0x0F,
+ 0xB4, 0x74, 0xA2, 0xD5, 0x6D, 0xC3, 0x1E, 0xD5, 0x69, 0xA7, 0x70, 0x0B,
+ 0x4C, 0x4A, 0xB1, 0x6B, 0x22, 0xA4, 0x55, 0x13, 0x53, 0x1E, 0xF5, 0x23,
+ 0xD7, 0x12, 0x12, 0x07, 0x7B, 0x5A, 0x16, 0x9B, 0xDE, 0xFF, 0xAD, 0x7A,
+ 0xD9, 0x60, 0x82, 0x84, 0xC7, 0x79, 0x5B, 0x6D, 0x5A, 0x51, 0x83, 0xB8,
+ 0x70, 0x66, 0xDE, 0x17, 0xD8, 0xD6, 0x71, 0xC9, 0xEB, 0xD8, 0xEC, 0x89,
+ 0x54, 0x4D, 0x45, 0xEC, 0x06, 0x15, 0x93, 0xD4, 0x42, 0xC6, 0x2A, 0xB9,
+ 0xCE, 0x3B, 0x1C, 0xB9, 0x94, 0x3A, 0x1D, 0x23, 0xA5, 0xEA, 0x3B, 0xCF,
+ 0x21, 0xA0, 0x14, 0x71, 0xE6, 0x7E, 0x00, 0x3E, 0x7F, 0x8A, 0x69, 0xC7,
+ 0x28, 0xBE, 0x49, 0x0B, 0x2F, 0xC8, 0x8C, 0xFE, 0xB9, 0x2D, 0xB6, 0xA2,
+ 0x15, 0xE5, 0xD0, 0x3C, 0x17, 0xC4, 0x64, 0xC9, 0xAC, 0x1A, 0x46, 0xE2,
+ 0x03, 0xE1, 0x3F, 0x95, 0x29, 0x95, 0xFB, 0x03, 0xC6, 0x9D, 0x3C, 0xC4,
+ 0x7F, 0xCB, 0x51, 0x0B, 0x69, 0x98, 0xFF, 0xD3, 0xAA, 0x6D, 0xE7, 0x3C,
+ 0xF9, 0xF6, 0x38, 0x69
+};
+
+static const unsigned char dhtest_2048_256_xA[] = {
+ 0x08, 0x81, 0x38, 0x2C, 0xDB, 0x87, 0x66, 0x0C, 0x6D, 0xC1, 0x3E, 0x61,
+ 0x49, 0x38, 0xD5, 0xB9, 0xC8, 0xB2, 0xF2, 0x48, 0x58, 0x1C, 0xC5, 0xE3,
+ 0x1B, 0x35, 0x45, 0x43, 0x97, 0xFC, 0xE5, 0x0E
+};
+
+static const unsigned char dhtest_2048_256_yA[] = {
+ 0x2E, 0x93, 0x80, 0xC8, 0x32, 0x3A, 0xF9, 0x75, 0x45, 0xBC, 0x49, 0x41,
+ 0xDE, 0xB0, 0xEC, 0x37, 0x42, 0xC6, 0x2F, 0xE0, 0xEC, 0xE8, 0x24, 0xA6,
+ 0xAB, 0xDB, 0xE6, 0x6C, 0x59, 0xBE, 0xE0, 0x24, 0x29, 0x11, 0xBF, 0xB9,
+ 0x67, 0x23, 0x5C, 0xEB, 0xA3, 0x5A, 0xE1, 0x3E, 0x4E, 0xC7, 0x52, 0xBE,
+ 0x63, 0x0B, 0x92, 0xDC, 0x4B, 0xDE, 0x28, 0x47, 0xA9, 0xC6, 0x2C, 0xB8,
+ 0x15, 0x27, 0x45, 0x42, 0x1F, 0xB7, 0xEB, 0x60, 0xA6, 0x3C, 0x0F, 0xE9,
+ 0x15, 0x9F, 0xCC, 0xE7, 0x26, 0xCE, 0x7C, 0xD8, 0x52, 0x3D, 0x74, 0x50,
+ 0x66, 0x7E, 0xF8, 0x40, 0xE4, 0x91, 0x91, 0x21, 0xEB, 0x5F, 0x01, 0xC8,
+ 0xC9, 0xB0, 0xD3, 0xD6, 0x48, 0xA9, 0x3B, 0xFB, 0x75, 0x68, 0x9E, 0x82,
+ 0x44, 0xAC, 0x13, 0x4A, 0xF5, 0x44, 0x71, 0x1C, 0xE7, 0x9A, 0x02, 0xDC,
+ 0xC3, 0x42, 0x26, 0x68, 0x47, 0x80, 0xDD, 0xDC, 0xB4, 0x98, 0x59, 0x41,
+ 0x06, 0xC3, 0x7F, 0x5B, 0xC7, 0x98, 0x56, 0x48, 0x7A, 0xF5, 0xAB, 0x02,
+ 0x2A, 0x2E, 0x5E, 0x42, 0xF0, 0x98, 0x97, 0xC1, 0xA8, 0x5A, 0x11, 0xEA,
+ 0x02, 0x12, 0xAF, 0x04, 0xD9, 0xB4, 0xCE, 0xBC, 0x93, 0x7C, 0x3C, 0x1A,
+ 0x3E, 0x15, 0xA8, 0xA0, 0x34, 0x2E, 0x33, 0x76, 0x15, 0xC8, 0x4E, 0x7F,
+ 0xE3, 0xB8, 0xB9, 0xB8, 0x7F, 0xB1, 0xE7, 0x3A, 0x15, 0xAF, 0x12, 0xA3,
+ 0x0D, 0x74, 0x6E, 0x06, 0xDF, 0xC3, 0x4F, 0x29, 0x0D, 0x79, 0x7C, 0xE5,
+ 0x1A, 0xA1, 0x3A, 0xA7, 0x85, 0xBF, 0x66, 0x58, 0xAF, 0xF5, 0xE4, 0xB0,
+ 0x93, 0x00, 0x3C, 0xBE, 0xAF, 0x66, 0x5B, 0x3C, 0x2E, 0x11, 0x3A, 0x3A,
+ 0x4E, 0x90, 0x52, 0x69, 0x34, 0x1D, 0xC0, 0x71, 0x14, 0x26, 0x68, 0x5F,
+ 0x4E, 0xF3, 0x7E, 0x86, 0x8A, 0x81, 0x26, 0xFF, 0x3F, 0x22, 0x79, 0xB5,
+ 0x7C, 0xA6, 0x7E, 0x29
+};
+
+static const unsigned char dhtest_2048_256_xB[] = {
+ 0x7D, 0x62, 0xA7, 0xE3, 0xEF, 0x36, 0xDE, 0x61, 0x7B, 0x13, 0xD1, 0xAF,
+ 0xB8, 0x2C, 0x78, 0x0D, 0x83, 0xA2, 0x3B, 0xD4, 0xEE, 0x67, 0x05, 0x64,
+ 0x51, 0x21, 0xF3, 0x71, 0xF5, 0x46, 0xA5, 0x3D
+};
+
+static const unsigned char dhtest_2048_256_yB[] = {
+ 0x57, 0x5F, 0x03, 0x51, 0xBD, 0x2B, 0x1B, 0x81, 0x74, 0x48, 0xBD, 0xF8,
+ 0x7A, 0x6C, 0x36, 0x2C, 0x1E, 0x28, 0x9D, 0x39, 0x03, 0xA3, 0x0B, 0x98,
+ 0x32, 0xC5, 0x74, 0x1F, 0xA2, 0x50, 0x36, 0x3E, 0x7A, 0xCB, 0xC7, 0xF7,
+ 0x7F, 0x3D, 0xAC, 0xBC, 0x1F, 0x13, 0x1A, 0xDD, 0x8E, 0x03, 0x36, 0x7E,
+ 0xFF, 0x8F, 0xBB, 0xB3, 0xE1, 0xC5, 0x78, 0x44, 0x24, 0x80, 0x9B, 0x25,
+ 0xAF, 0xE4, 0xD2, 0x26, 0x2A, 0x1A, 0x6F, 0xD2, 0xFA, 0xB6, 0x41, 0x05,
+ 0xCA, 0x30, 0xA6, 0x74, 0xE0, 0x7F, 0x78, 0x09, 0x85, 0x20, 0x88, 0x63,
+ 0x2F, 0xC0, 0x49, 0x23, 0x37, 0x91, 0xAD, 0x4E, 0xDD, 0x08, 0x3A, 0x97,
+ 0x8B, 0x88, 0x3E, 0xE6, 0x18, 0xBC, 0x5E, 0x0D, 0xD0, 0x47, 0x41, 0x5F,
+ 0x2D, 0x95, 0xE6, 0x83, 0xCF, 0x14, 0x82, 0x6B, 0x5F, 0xBE, 0x10, 0xD3,
+ 0xCE, 0x41, 0xC6, 0xC1, 0x20, 0xC7, 0x8A, 0xB2, 0x00, 0x08, 0xC6, 0x98,
+ 0xBF, 0x7F, 0x0B, 0xCA, 0xB9, 0xD7, 0xF4, 0x07, 0xBE, 0xD0, 0xF4, 0x3A,
+ 0xFB, 0x29, 0x70, 0xF5, 0x7F, 0x8D, 0x12, 0x04, 0x39, 0x63, 0xE6, 0x6D,
+ 0xDD, 0x32, 0x0D, 0x59, 0x9A, 0xD9, 0x93, 0x6C, 0x8F, 0x44, 0x13, 0x7C,
+ 0x08, 0xB1, 0x80, 0xEC, 0x5E, 0x98, 0x5C, 0xEB, 0xE1, 0x86, 0xF3, 0xD5,
+ 0x49, 0x67, 0x7E, 0x80, 0x60, 0x73, 0x31, 0xEE, 0x17, 0xAF, 0x33, 0x80,
+ 0xA7, 0x25, 0xB0, 0x78, 0x23, 0x17, 0xD7, 0xDD, 0x43, 0xF5, 0x9D, 0x7A,
+ 0xF9, 0x56, 0x8A, 0x9B, 0xB6, 0x3A, 0x84, 0xD3, 0x65, 0xF9, 0x22, 0x44,
+ 0xED, 0x12, 0x09, 0x88, 0x21, 0x93, 0x02, 0xF4, 0x29, 0x24, 0xC7, 0xCA,
+ 0x90, 0xB8, 0x9D, 0x24, 0xF7, 0x1B, 0x0A, 0xB6, 0x97, 0x82, 0x3D, 0x7D,
+ 0xEB, 0x1A, 0xFF, 0x5B, 0x0E, 0x8E, 0x4A, 0x45, 0xD4, 0x9F, 0x7F, 0x53,
+ 0x75, 0x7E, 0x19, 0x13
+};
+
+static const unsigned char dhtest_2048_256_Z[] = {
+ 0x86, 0xC7, 0x0B, 0xF8, 0xD0, 0xBB, 0x81, 0xBB, 0x01, 0x07, 0x8A, 0x17,
+ 0x21, 0x9C, 0xB7, 0xD2, 0x72, 0x03, 0xDB, 0x2A, 0x19, 0xC8, 0x77, 0xF1,
+ 0xD1, 0xF1, 0x9F, 0xD7, 0xD7, 0x7E, 0xF2, 0x25, 0x46, 0xA6, 0x8F, 0x00,
+ 0x5A, 0xD5, 0x2D, 0xC8, 0x45, 0x53, 0xB7, 0x8F, 0xC6, 0x03, 0x30, 0xBE,
+ 0x51, 0xEA, 0x7C, 0x06, 0x72, 0xCA, 0xC1, 0x51, 0x5E, 0x4B, 0x35, 0xC0,
+ 0x47, 0xB9, 0xA5, 0x51, 0xB8, 0x8F, 0x39, 0xDC, 0x26, 0xDA, 0x14, 0xA0,
+ 0x9E, 0xF7, 0x47, 0x74, 0xD4, 0x7C, 0x76, 0x2D, 0xD1, 0x77, 0xF9, 0xED,
+ 0x5B, 0xC2, 0xF1, 0x1E, 0x52, 0xC8, 0x79, 0xBD, 0x95, 0x09, 0x85, 0x04,
+ 0xCD, 0x9E, 0xEC, 0xD8, 0xA8, 0xF9, 0xB3, 0xEF, 0xBD, 0x1F, 0x00, 0x8A,
+ 0xC5, 0x85, 0x30, 0x97, 0xD9, 0xD1, 0x83, 0x7F, 0x2B, 0x18, 0xF7, 0x7C,
+ 0xD7, 0xBE, 0x01, 0xAF, 0x80, 0xA7, 0xC7, 0xB5, 0xEA, 0x3C, 0xA5, 0x4C,
+ 0xC0, 0x2D, 0x0C, 0x11, 0x6F, 0xEE, 0x3F, 0x95, 0xBB, 0x87, 0x39, 0x93,
+ 0x85, 0x87, 0x5D, 0x7E, 0x86, 0x74, 0x7E, 0x67, 0x6E, 0x72, 0x89, 0x38,
+ 0xAC, 0xBF, 0xF7, 0x09, 0x8E, 0x05, 0xBE, 0x4D, 0xCF, 0xB2, 0x40, 0x52,
+ 0xB8, 0x3A, 0xEF, 0xFB, 0x14, 0x78, 0x3F, 0x02, 0x9A, 0xDB, 0xDE, 0x7F,
+ 0x53, 0xFA, 0xE9, 0x20, 0x84, 0x22, 0x40, 0x90, 0xE0, 0x07, 0xCE, 0xE9,
+ 0x4D, 0x4B, 0xF2, 0xBA, 0xCE, 0x9F, 0xFD, 0x4B, 0x57, 0xD2, 0xAF, 0x7C,
+ 0x72, 0x4D, 0x0C, 0xAA, 0x19, 0xBF, 0x05, 0x01, 0xF6, 0xF1, 0x7B, 0x4A,
+ 0xA1, 0x0F, 0x42, 0x5E, 0x3E, 0xA7, 0x60, 0x80, 0xB4, 0xB9, 0xD6, 0xB3,
+ 0xCE, 0xFE, 0xA1, 0x15, 0xB2, 0xCE, 0xB8, 0x78, 0x9B, 0xB8, 0xA3, 0xB0,
+ 0xEA, 0x87, 0xFE, 0xBE, 0x63, 0xB6, 0xC8, 0xF8, 0x46, 0xEC, 0x6D, 0xB0,
+ 0xC2, 0x6C, 0x5D, 0x7C
+};
+
+typedef struct {
+ DH *(*get_param) (void);
+ const unsigned char *xA;
+ size_t xA_len;
+ const unsigned char *yA;
+ size_t yA_len;
+ const unsigned char *xB;
+ size_t xB_len;
+ const unsigned char *yB;
+ size_t yB_len;
+ const unsigned char *Z;
+ size_t Z_len;
+} rfc5114_td;
+
+# define make_rfc5114_td(pre) { \
+ DH_get_##pre, \
+ dhtest_##pre##_xA, sizeof(dhtest_##pre##_xA), \
+ dhtest_##pre##_yA, sizeof(dhtest_##pre##_yA), \
+ dhtest_##pre##_xB, sizeof(dhtest_##pre##_xB), \
+ dhtest_##pre##_yB, sizeof(dhtest_##pre##_yB), \
+ dhtest_##pre##_Z, sizeof(dhtest_##pre##_Z) \
+ }
+
+static const rfc5114_td rfctd[] = {
+ make_rfc5114_td(1024_160),
+ make_rfc5114_td(2048_224),
+ make_rfc5114_td(2048_256)
+};
+
+static int run_rfc5114_tests(void)
+{
+ int i;
+ for (i = 0; i < (int)(sizeof(rfctd) / sizeof(rfc5114_td)); i++) {
+ DH *dhA, *dhB;
+ unsigned char *Z1 = NULL, *Z2 = NULL;
+ const rfc5114_td *td = rfctd + i;
+ /* Set up DH structures setting key components */
+ dhA = td->get_param();
+ dhB = td->get_param();
+ if (!dhA || !dhB)
+ goto bad_err;
+
+ dhA->priv_key = BN_bin2bn(td->xA, td->xA_len, NULL);
+ dhA->pub_key = BN_bin2bn(td->yA, td->yA_len, NULL);
+
+ dhB->priv_key = BN_bin2bn(td->xB, td->xB_len, NULL);
+ dhB->pub_key = BN_bin2bn(td->yB, td->yB_len, NULL);
+
+ if (!dhA->priv_key || !dhA->pub_key
+ || !dhB->priv_key || !dhB->pub_key)
+ goto bad_err;
+
+ if ((td->Z_len != (size_t)DH_size(dhA))
+ || (td->Z_len != (size_t)DH_size(dhB)))
+ goto err;
+
+ Z1 = OPENSSL_malloc(DH_size(dhA));
+ Z2 = OPENSSL_malloc(DH_size(dhB));
+ /*
+ * Work out shared secrets using both sides and compare with expected
+ * values.
+ */
+ if (!DH_compute_key(Z1, dhB->pub_key, dhA))
+ goto bad_err;
+ if (!DH_compute_key(Z2, dhA->pub_key, dhB))
+ goto bad_err;
+
+ if (memcmp(Z1, td->Z, td->Z_len))
+ goto err;
+ if (memcmp(Z2, td->Z, td->Z_len))
+ goto err;
+
+ printf("RFC5114 parameter test %d OK\n", i + 1);
+
+ DH_free(dhA);
+ DH_free(dhB);
+ OPENSSL_free(Z1);
+ OPENSSL_free(Z2);
+
+ }
+ return 1;
+ bad_err:
+ fprintf(stderr, "Initalisation error RFC5114 set %d\n", i + 1);
+ ERR_print_errors_fp(stderr);
+ return 0;
+ err:
+ fprintf(stderr, "Test failed RFC5114 set %d\n", i + 1);
+ return 0;
+}
+
#endif
diff --git a/openssl/crypto/dh/p1024.c b/openssl/crypto/dh/p1024.c
index 368ceca4e..a4b014b6a 100644
--- a/openssl/crypto/dh/p1024.c
+++ b/openssl/crypto/dh/p1024.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -62,31 +62,31 @@
#include <openssl/dh.h>
#include <openssl/pem.h>
-unsigned char data[]={0x97,0xF6,0x42,0x61,0xCA,0xB5,0x05,0xDD,
- 0x28,0x28,0xE1,0x3F,0x1D,0x68,0xB6,0xD3,
- 0xDB,0xD0,0xF3,0x13,0x04,0x7F,0x40,0xE8,
- 0x56,0xDA,0x58,0xCB,0x13,0xB8,0xA1,0xBF,
- 0x2B,0x78,0x3A,0x4C,0x6D,0x59,0xD5,0xF9,
- 0x2A,0xFC,0x6C,0xFF,0x3D,0x69,0x3F,0x78,
- 0xB2,0x3D,0x4F,0x31,0x60,0xA9,0x50,0x2E,
- 0x3E,0xFA,0xF7,0xAB,0x5E,0x1A,0xD5,0xA6,
- 0x5E,0x55,0x43,0x13,0x82,0x8D,0xA8,0x3B,
- 0x9F,0xF2,0xD9,0x41,0xDE,0xE9,0x56,0x89,
- 0xFA,0xDA,0xEA,0x09,0x36,0xAD,0xDF,0x19,
- 0x71,0xFE,0x63,0x5B,0x20,0xAF,0x47,0x03,
- 0x64,0x60,0x3C,0x2D,0xE0,0x59,0xF5,0x4B,
- 0x65,0x0A,0xD8,0xFA,0x0C,0xF7,0x01,0x21,
- 0xC7,0x47,0x99,0xD7,0x58,0x71,0x32,0xBE,
- 0x9B,0x99,0x9B,0xB9,0xB7,0x87,0xE8,0xAB,
- };
+unsigned char data[] = { 0x97, 0xF6, 0x42, 0x61, 0xCA, 0xB5, 0x05, 0xDD,
+ 0x28, 0x28, 0xE1, 0x3F, 0x1D, 0x68, 0xB6, 0xD3,
+ 0xDB, 0xD0, 0xF3, 0x13, 0x04, 0x7F, 0x40, 0xE8,
+ 0x56, 0xDA, 0x58, 0xCB, 0x13, 0xB8, 0xA1, 0xBF,
+ 0x2B, 0x78, 0x3A, 0x4C, 0x6D, 0x59, 0xD5, 0xF9,
+ 0x2A, 0xFC, 0x6C, 0xFF, 0x3D, 0x69, 0x3F, 0x78,
+ 0xB2, 0x3D, 0x4F, 0x31, 0x60, 0xA9, 0x50, 0x2E,
+ 0x3E, 0xFA, 0xF7, 0xAB, 0x5E, 0x1A, 0xD5, 0xA6,
+ 0x5E, 0x55, 0x43, 0x13, 0x82, 0x8D, 0xA8, 0x3B,
+ 0x9F, 0xF2, 0xD9, 0x41, 0xDE, 0xE9, 0x56, 0x89,
+ 0xFA, 0xDA, 0xEA, 0x09, 0x36, 0xAD, 0xDF, 0x19,
+ 0x71, 0xFE, 0x63, 0x5B, 0x20, 0xAF, 0x47, 0x03,
+ 0x64, 0x60, 0x3C, 0x2D, 0xE0, 0x59, 0xF5, 0x4B,
+ 0x65, 0x0A, 0xD8, 0xFA, 0x0C, 0xF7, 0x01, 0x21,
+ 0xC7, 0x47, 0x99, 0xD7, 0x58, 0x71, 0x32, 0xBE,
+ 0x9B, 0x99, 0x9B, 0xB9, 0xB7, 0x87, 0xE8, 0xAB,
+};
main()
- {
- DH *dh;
+{
+ DH *dh;
- dh=DH_new();
- dh->p=BN_bin2bn(data,sizeof(data),NULL);
- dh->g=BN_new();
- BN_set_word(dh->g,2);
- PEM_write_DHparams(stdout,dh);
- }
+ dh = DH_new();
+ dh->p = BN_bin2bn(data, sizeof(data), NULL);
+ dh->g = BN_new();
+ BN_set_word(dh->g, 2);
+ PEM_write_DHparams(stdout, dh);
+}
diff --git a/openssl/crypto/dh/p192.c b/openssl/crypto/dh/p192.c
index 7bdf40410..9f49f7683 100644
--- a/openssl/crypto/dh/p192.c
+++ b/openssl/crypto/dh/p192.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -62,19 +62,19 @@
#include <openssl/dh.h>
#include <openssl/pem.h>
-unsigned char data[]={
-0xD4,0xA0,0xBA,0x02,0x50,0xB6,0xFD,0x2E,
-0xC6,0x26,0xE7,0xEF,0xD6,0x37,0xDF,0x76,
-0xC7,0x16,0xE2,0x2D,0x09,0x44,0xB8,0x8B,
- };
+unsigned char data[] = {
+ 0xD4, 0xA0, 0xBA, 0x02, 0x50, 0xB6, 0xFD, 0x2E,
+ 0xC6, 0x26, 0xE7, 0xEF, 0xD6, 0x37, 0xDF, 0x76,
+ 0xC7, 0x16, 0xE2, 0x2D, 0x09, 0x44, 0xB8, 0x8B,
+};
main()
- {
- DH *dh;
+{
+ DH *dh;
- dh=DH_new();
- dh->p=BN_bin2bn(data,sizeof(data),NULL);
- dh->g=BN_new();
- BN_set_word(dh->g,3);
- PEM_write_DHparams(stdout,dh);
- }
+ dh = DH_new();
+ dh->p = BN_bin2bn(data, sizeof(data), NULL);
+ dh->g = BN_new();
+ BN_set_word(dh->g, 3);
+ PEM_write_DHparams(stdout, dh);
+}
diff --git a/openssl/crypto/dh/p512.c b/openssl/crypto/dh/p512.c
index a9b6aa83f..606fa4d6c 100644
--- a/openssl/crypto/dh/p512.c
+++ b/openssl/crypto/dh/p512.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -62,24 +62,24 @@
#include <openssl/dh.h>
#include <openssl/pem.h>
-unsigned char data[]={
-0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,
-0xD0,0xE4,0xAF,0x75,0x6F,0x4C,0xCA,0x92,
-0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
-0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,
-0x57,0x46,0x50,0xD3,0x69,0x99,0xDB,0x29,
-0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
-0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,
-0xD8,0x00,0x3E,0x7C,0x47,0x74,0xE8,0x33,
- };
+unsigned char data[] = {
+ 0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89,
+ 0xD0, 0xE4, 0xAF, 0x75, 0x6F, 0x4C, 0xCA, 0x92,
+ 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F,
+ 0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED,
+ 0x57, 0x46, 0x50, 0xD3, 0x69, 0x99, 0xDB, 0x29,
+ 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12,
+ 0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6,
+ 0xD8, 0x00, 0x3E, 0x7C, 0x47, 0x74, 0xE8, 0x33,
+};
main()
- {
- DH *dh;
+{
+ DH *dh;
- dh=DH_new();
- dh->p=BN_bin2bn(data,sizeof(data),NULL);
- dh->g=BN_new();
- BN_set_word(dh->g,2);
- PEM_write_DHparams(stdout,dh);
- }
+ dh = DH_new();
+ dh->p = BN_bin2bn(data, sizeof(data), NULL);
+ dh->g = BN_new();
+ BN_set_word(dh->g, 2);
+ PEM_write_DHparams(stdout, dh);
+}