diff options
Diffstat (limited to 'crypto/dh/dh_key.c')
-rw-r--r-- | crypto/dh/dh_key.c | 104 |
1 files changed, 50 insertions, 54 deletions
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 0bee75c..14d3546 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -20,8 +20,7 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, static int dh_init(DH *dh); static int dh_finish(DH *dh); -int dh_compute_key(OPENSSL_CTX *libctx, unsigned char *key, - const BIGNUM *pub_key, DH *dh) +static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) { BN_CTX *ctx = NULL; BN_MONT_CTX *mont = NULL; @@ -41,7 +40,7 @@ int dh_compute_key(OPENSSL_CTX *libctx, unsigned char *key, return 0; } - ctx = BN_CTX_new_ex(libctx); + ctx = BN_CTX_new_ex(dh->libctx); if (ctx == NULL) goto err; BN_CTX_start(ctx); @@ -81,18 +80,21 @@ int dh_compute_key(OPENSSL_CTX *libctx, unsigned char *key, return ret; } -static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) +int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) { - return dh_compute_key(NULL, key, pub_key, dh); +#ifdef FIPS_MODE + return compute_key(key, pub_key, dh); +#else + return dh->meth->compute_key(key, pub_key, dh); +#endif } -int dh_compute_key_padded(OPENSSL_CTX *libctx, unsigned char *key, - const BIGNUM *pub_key, DH *dh) +int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh) { int rv, pad; #ifdef FIPS_MODE - rv = dh_compute_key(libctx, key, pub_key, dh); + rv = compute_key(key, pub_key, dh); #else rv = dh->meth->compute_key(key, pub_key, dh); #endif @@ -106,18 +108,6 @@ int dh_compute_key_padded(OPENSSL_CTX *libctx, unsigned char *key, return rv + pad; } -#ifndef FIPS_MODE -int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) -{ - return dh->meth->compute_key(key, pub_key, dh); -} - -int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh) -{ - return dh_compute_key_padded(NULL, key, pub_key, dh); -} -#endif - static DH_METHOD dh_ossl = { "OpenSSL DH Method", generate_key, @@ -168,14 +158,46 @@ void DH_set_default_method(const DH_METHOD *meth) { default_DH_method = meth; } +#endif /* FIPS_MODE */ int DH_generate_key(DH *dh) { +#ifdef FIPS_MODE + return generate_key(dh); +#else return dh->meth->generate_key(dh); +#endif } -#endif /* FIPS_MODE */ -static int dh_generate_key(OPENSSL_CTX *libctx, DH *dh) +int dh_generate_public_key(BN_CTX *ctx, DH *dh, const BIGNUM *priv_key, + BIGNUM *pub_key) +{ + int ret = 0; + BIGNUM *prk = BN_new(); + BN_MONT_CTX *mont = NULL; + + if (prk == NULL) + return 0; + + if (dh->flags & DH_FLAG_CACHE_MONT_P) { + mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, + dh->lock, dh->params.p, ctx); + if (mont == NULL) + goto err; + } + BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); + + /* pub_key = g^priv_key mod p */ + if (!dh->meth->bn_mod_exp(dh, pub_key, dh->params.g, prk, dh->params.p, + ctx, mont)) + goto err; + ret = 1; +err: + BN_clear_free(prk); + return ret; +} + +static int generate_key(DH *dh) { int ok = 0; int generate_new_key = 0; @@ -183,7 +205,6 @@ static int dh_generate_key(OPENSSL_CTX *libctx, DH *dh) unsigned l; #endif BN_CTX *ctx = NULL; - BN_MONT_CTX *mont = NULL; BIGNUM *pub_key = NULL, *priv_key = NULL; if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) { @@ -196,7 +217,7 @@ static int dh_generate_key(OPENSSL_CTX *libctx, DH *dh) return 0; } - ctx = BN_CTX_new_ex(libctx); + ctx = BN_CTX_new_ex(dh->libctx); if (ctx == NULL) goto err; @@ -205,23 +226,17 @@ static int dh_generate_key(OPENSSL_CTX *libctx, DH *dh) if (priv_key == NULL) goto err; generate_new_key = 1; - } else + } else { priv_key = dh->priv_key; + } if (dh->pub_key == NULL) { pub_key = BN_new(); if (pub_key == NULL) goto err; - } else + } else { pub_key = dh->pub_key; - - if (dh->flags & DH_FLAG_CACHE_MONT_P) { - mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, - dh->lock, dh->params.p, ctx); - if (!mont) - goto err; } - if (generate_new_key) { /* Is it an approved safe prime ?*/ if (DH_get_nid(dh) != NID_undef) { @@ -274,22 +289,8 @@ static int dh_generate_key(OPENSSL_CTX *libctx, DH *dh) } } - { - BIGNUM *prk = BN_new(); - - if (prk == NULL) - goto err; - BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); - - /* pub_key = g^priv_key mod p */ - if (!dh->meth->bn_mod_exp(dh, pub_key, dh->params.g, prk, dh->params.p, - ctx, mont)) { - BN_clear_free(prk); - goto err; - } - /* We MUST free prk before any further use of priv_key */ - BN_clear_free(prk); - } + if (!dh_generate_public_key(ctx, dh, priv_key, pub_key)) + goto err; dh->pub_key = pub_key; dh->priv_key = priv_key; @@ -307,11 +308,6 @@ static int dh_generate_key(OPENSSL_CTX *libctx, DH *dh) return ok; } -static int generate_key(DH *dh) -{ - return dh_generate_key(NULL, dh); -} - int dh_buf2key(DH *dh, const unsigned char *buf, size_t len) { int err_reason = DH_R_BN_ERROR; |