Document the DH library, and make some minor changes along the way.

3 files changed, 17 insertions, 11 deletions

diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index 5d17a27a2a..c96cdde968 100644
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -98,7 +98,7 @@ struct dh_st
 	BIGNUM *p;
 	BIGNUM *g;
 	int length; /* optional */
-	BIGNUM *pub_key;	/* y */
+	BIGNUM *pub_key;	/* g^x */
 	BIGNUM *priv_key;	/* x */
 
 	int flags;
@@ -121,10 +121,14 @@ struct dh_st
 
 /* DH_check error codes */
 #define DH_CHECK_P_NOT_PRIME		0x01
-#define DH_CHECK_P_NOT_STRONG_PRIME	0x02
+#define DH_CHECK_P_NOT_SAFE_PRIME	0x02
 #define DH_UNABLE_TO_CHECK_GENERATOR	0x04
 #define DH_NOT_SUITABLE_GENERATOR	0x08
 
+/* primes p where (p-1)/2 is prime too are called "safe"; we define
+   this for backward compatibility: */
+#define DH_CHECK_P_NOT_STRONG_PRIME	DH_CHECK_P_NOT_SAFE_PRIME
+
 #define DHparams_dup(x) (DH *)ASN1_dup((int (*)())i2d_DHparams, \
 		(char *(*)())d2i_DHparams,(char *)(x))
 #define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index a2e7433b9c..7e5cfd8bfc 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -61,7 +61,7 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
-/* Check that p is a strong prime and
+/* Check that p is a safe prime and
  * if g is 2, 3 or 5, check that is is a suitable generator
  * where
  * for 2, p mod 24 == 11
@@ -88,11 +88,13 @@ int DH_check(DH *dh, int *ret)
 		l=BN_mod_word(dh->p,24);
 		if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
 		}
-/*	else if (BN_is_word(dh->g,DH_GENERATOR_3))
+#if 0
+	else if (BN_is_word(dh->g,DH_GENERATOR_3))
 		{
 		l=BN_mod_word(dh->p,12);
 		if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
-		}*/
+		}
+#endif
 	else if (BN_is_word(dh->g,DH_GENERATOR_5))
 		{
 		l=BN_mod_word(dh->p,10);
@@ -102,13 +104,13 @@ int DH_check(DH *dh, int *ret)
 	else
 		*ret|=DH_UNABLE_TO_CHECK_GENERATOR;
 
-	if (!BN_is_prime(dh->p,BN_prime_checks(BN_num_bits(dh->p)),NULL,ctx,NULL))
+	if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL))
 		*ret|=DH_CHECK_P_NOT_PRIME;
 	else
 		{
 		if (!BN_rshift1(q,dh->p)) goto err;
-		if (!BN_is_prime(q,BN_prime_checks(BN_num_bits(q)),NULL,ctx,NULL))
-			*ret|=DH_CHECK_P_NOT_STRONG_PRIME;
+		if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))
+			*ret|=DH_CHECK_P_NOT_SAFE_PRIME;
 		}
 	ok=1;
 err:
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index b7bcd2c7a4..f0ee43ed87 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -72,14 +72,14 @@
  * Having said all that,
  * there is another special case method for the generators 2, 3 and 5.
  * for 2, p mod 24 == 11
- * for 3, p mod 12 == 5  <<<<< does not work for strong primes.
+ * for 3, p mod 12 == 5  <<<<< does not work for safe primes.
  * for 5, p mod 10 == 3 or 7
  *
  * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
  * special generators and for answering some of my questions.
  *
  * I've implemented the second simple method :-).
- * Since DH should be using a strong prime (both p and q are prime),
+ * Since DH should be using a safe prime (both p and q are prime),
  * this generator function can take a very very long time to run.
  */
 
@@ -105,7 +105,7 @@ DH *DH_generate_parameters(int prime_len, int generator,
 		BN_set_word(t2,11);
 		g=2;
 		}
-#ifdef undef  /* does not work for strong primes */
+#ifdef undef  /* does not work for safe primes */
 	else if (generator == DH_GENERATOR_3)
 		{
 		BN_set_word(t1,12);