Diffstat (limited to 'crypto/dh')
-rw-r--r-- | crypto/dh/dh.h | 8 | ||||
-rw-r--r-- | crypto/dh/dh_check.c | 14 | ||||
-rw-r--r-- | crypto/dh/dh_gen.c | 6 |
3 files changed, 17 insertions, 11 deletions
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index 5d17a27a2a..c96cdde968 100644
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -98,7 +98,7 @@ struct dh_st
 BIGNUM *p;
 BIGNUM *g;
 int length; /* optional */
- BIGNUM *pub_key; /* y */
+ BIGNUM *pub_key; /* g^x */
 BIGNUM *priv_key; /* x */
 int flags;
@@ -121,10 +121,14 @@ struct dh_st
 /* DH_check error codes */
 #define DH_CHECK_P_NOT_PRIME 0x01
-#define DH_CHECK_P_NOT_STRONG_PRIME 0x02
+#define DH_CHECK_P_NOT_SAFE_PRIME 0x02
 #define DH_UNABLE_TO_CHECK_GENERATOR 0x04
 #define DH_NOT_SUITABLE_GENERATOR 0x08
+/* primes p where (p-1)/2 is prime too are called "safe"; we define
+ this for backward compatibility: */
+#define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
+
 #define DHparams_dup(x) (DH *)ASN1_dup((int (*)())i2d_DHparams, \
 (char *(*)())d2i_DHparams,(char *)(x))
 #define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index a2e7433b9c..7e5cfd8bfc 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -61,7 +61,7 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
-/* Check that p is a strong prime and
+/* Check that p is a safe prime and
 * if g is 2, 3 or 5, check that is is a suitable generator
 * where
 * for 2, p mod 24 == 11
@@ -88,11 +88,13 @@ int DH_check(DH *dh, int *ret)
 l=BN_mod_word(dh->p,24);
 if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
 }
-/* else if (BN_is_word(dh->g,DH_GENERATOR_3))
+#if 0
+ else if (BN_is_word(dh->g,DH_GENERATOR_3))
 {
 l=BN_mod_word(dh->p,12);
 if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
- }*/
+ }
+#endif
 else if (BN_is_word(dh->g,DH_GENERATOR_5))
 {
 l=BN_mod_word(dh->p,10);
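Review bot: The `#if 0` that now wraps the `DH_GENERATOR_3` branch in DH_check (dh_check.c, hunk at line 88) carries no explanation, so a reader cannot tell whether the branch is dead code or a pending fix. The dh_gen.c comment touched by this same commit says the `p mod 12 == 5` test does not work for safe primes; recording that at the guard, e.g. `#if 0 /* p mod 12 == 5 does not work for safe primes */`, would keep the reason next to the code. It would also help to say what a caller gets for g == 3 while the branch is disabled: the `else` at the top of the next hunk suggests DH_UNABLE_TO_CHECK_GENERATOR, but the full if/else chain is not visible here. dh_gen.c disables the matching branch with `#ifdef undef`; using one form in both files would be more consistent.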
@@ -102,13 +104,13 @@ int DH_check(DH *dh, int *ret)
 else
 *ret|=DH_UNABLE_TO_CHECK_GENERATOR;
- if (!BN_is_prime(dh->p,BN_prime_checks(BN_num_bits(dh->p)),NULL,ctx,NULL))
+ if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL))
 *ret|=DH_CHECK_P_NOT_PRIME;
 else
 {
 if (!BN_rshift1(q,dh->p)) goto err;
- if (!BN_is_prime(q,BN_prime_checks(BN_num_bits(q)),NULL,ctx,NULL))
- *ret|=DH_CHECK_P_NOT_STRONG_PRIME;
+ if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))
+ *ret|=DH_CHECK_P_NOT_SAFE_PRIME;
 }
 ok=1;
 err:
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index b7bcd2c7a4..f0ee43ed87 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -72,14 +72,14 @@
 * Having said all that,
 * there is another special case method for the generators 2, 3 and 5.
 * for 2, p mod 24 == 11
- * for 3, p mod 12 == 5 <<<<< does not work for strong primes.
+ * for 3, p mod 12 == 5 <<<<< does not work for safe primes.
 * for 5, p mod 10 == 3 or 7
 *
 * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
 * special generators and for answering some of my questions.
 *
 * I've implemented the second simple method :-).
- * Since DH should be using a strong prime (both p and q are prime),
+ * Since DH should be using a safe prime (both p and q are prime),
 * this generator function can take a very very long time to run.
 */
@@ -105,7 +105,7 @@ DH *DH_generate_parameters(int prime_len, int generator,
 BN_set_word(t2,11);
 g=2;
 }
-#ifdef undef /* does not work for strong primes */
+#ifdef undef /* does not work for safe primes */
 else if (generator == DH_GENERATOR_3)
 {
 BN_set_word(t1,12); |
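Review bot: In the dh_check.c hunk at line 102, both `!BN_is_prime(...)` tests in DH_check treat every non-zero result as "prime", so if BN_is_prime reports an internal failure with a negative return (OpenSSL documents -1 on error), neither DH_CHECK_P_NOT_PRIME nor DH_CHECK_P_NOT_SAFE_PRIME is set and control reaches `ok=1`. A caller that validates parameters received from a peer would then accept a modulus that was never actually tested. Keeping the result in an `int r` (declared with the function's other locals, which are outside this hunk) and taking the existing `goto err` path when it is negative makes the check fail closed, as sketched below. Separately, the round count now comes from the constant `BN_prime_checks` instead of the bit length of p; its definition is not on this page, so it is worth confirming that it is adequate for parameters an adversary may have chosen.

```c
r=BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL);
if (r < 0) goto err;
if (!r)
	*ret|=DH_CHECK_P_NOT_PRIME;
else
	{
	/* ... unchanged: q = p >> 1 via BN_rshift1 ... */
	r=BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL);
	if (r < 0) goto err;
	if (!r)
		*ret|=DH_CHECK_P_NOT_SAFE_PRIME;
	}
```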