SecBSD/src
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sync with OpenBSD -current

Browse source
This commit is contained in:
purplerain 2024-08-31 09:00:55 +00:00
parent 7aba15d530
commit 9419b92700
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
14 changed files with 620 additions and 349 deletions
Download patch file Download diff file Expand all files Collapse all files

68
lib/libcrypto/dh/dh_check.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: dh_check.c,v 1.28 2023/07/24 16:25:02 tb Exp $ */
/* $OpenBSD: dh_check.c,v 1.29 2024/08/30 17:44:56 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -68,27 +68,10 @@
#define DH_NUMBER_ITERATIONS_FOR_PRIME 64
/*
* Check that p is odd and 1 < g < p - 1. The _ex version removes the need of
* inspecting flags and pushes errors on the stack instead.
* Check that p is odd and 1 < g < p - 1.
*/
int
DH_check_params_ex(const DH *dh)
{
int flags = 0;
if (!DH_check_params(dh, &flags))
return 0;
if ((flags & DH_CHECK_P_NOT_PRIME) != 0)
DHerror(DH_R_CHECK_P_NOT_PRIME);
if ((flags & DH_NOT_SUITABLE_GENERATOR) != 0)
DHerror(DH_R_NOT_SUITABLE_GENERATOR);
return flags == 0;
}
int
static int
DH_check_params(const DH *dh, int *flags)
{
BIGNUM *max_g = NULL;
@ -124,35 +107,8 @@ DH_check_params(const DH *dh, int *flags)
/*
* Check that p is a safe prime and that g is a suitable generator.
* The _ex version puts errors on the stack instead of returning flags.
*/
int
DH_check_ex(const DH *dh)
{
int flags = 0;
if (!DH_check(dh, &flags))
return 0;
if ((flags & DH_NOT_SUITABLE_GENERATOR) != 0)
DHerror(DH_R_NOT_SUITABLE_GENERATOR);
if ((flags & DH_CHECK_Q_NOT_PRIME) != 0)
DHerror(DH_R_CHECK_Q_NOT_PRIME);
if ((flags & DH_CHECK_INVALID_Q_VALUE) != 0)
DHerror(DH_R_CHECK_INVALID_Q_VALUE);
if ((flags & DH_CHECK_INVALID_J_VALUE) != 0)
DHerror(DH_R_CHECK_INVALID_J_VALUE);
if ((flags & DH_UNABLE_TO_CHECK_GENERATOR) != 0)
DHerror(DH_R_UNABLE_TO_CHECK_GENERATOR);
if ((flags & DH_CHECK_P_NOT_PRIME) != 0)
DHerror(DH_R_CHECK_P_NOT_PRIME);
if ((flags & DH_CHECK_P_NOT_SAFE_PRIME) != 0)
DHerror(DH_R_CHECK_P_NOT_SAFE_PRIME);
return flags == 0;
}
int
DH_check(const DH *dh, int *flags)
{
@ -229,24 +185,6 @@ DH_check(const DH *dh, int *flags)
}
LCRYPTO_ALIAS(DH_check);
int
DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)
{
int flags = 0;
if (!DH_check_pub_key(dh, pub_key, &flags))
return 0;
if ((flags & DH_CHECK_PUBKEY_TOO_SMALL) != 0)
DHerror(DH_R_CHECK_PUBKEY_TOO_SMALL);
if ((flags & DH_CHECK_PUBKEY_TOO_LARGE) != 0)
DHerror(DH_R_CHECK_PUBKEY_TOO_LARGE);
if ((flags & DH_CHECK_PUBKEY_INVALID) != 0)
DHerror(DH_R_CHECK_PUBKEY_INVALID);
return flags == 0;
}
int
DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *flags)
{

11
lib/libcrypto/dh/dh_local.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: dh_local.h,v 1.4 2023/11/29 21:35:57 tb Exp $ */
/* $OpenBSD: dh_local.h,v 1.5 2024/08/30 17:44:56 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -102,15 +102,6 @@ struct dh_st {
const DH_METHOD *meth;
};
/*
* Public API in OpenSSL that we only want to use internally.
*/
int DH_check_params_ex(const DH *dh);
int DH_check_params(const DH *dh, int *flags);
int DH_check_ex(const DH *dh);
int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key);
__END_HIDDEN_DECLS
#endif /* !HEADER_DH_LOCAL_H */