diff options
-rw-r--r-- | lib/libcsi/csi_dh.c | 35 | ||||
-rw-r--r-- | lib/libcsi/csi_internal.h | 6 | ||||
-rw-r--r-- | lib/libcsi/csi_util.c | 5 |
3 files changed, 27 insertions, 19 deletions
diff --git a/lib/libcsi/csi_dh.c b/lib/libcsi/csi_dh.c index f9458e09a0e..2d38595d342 100644 --- a/lib/libcsi/csi_dh.c +++ b/lib/libcsi/csi_dh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: csi_dh.c,v 1.2 2018/06/02 17:43:14 jsing Exp $ */ +/* $OpenBSD: csi_dh.c,v 1.3 2022/01/10 23:03:07 tb Exp $ */ /* * Copyright (c) 2000, 2001, 2015 Markus Friedl <markus@openbsd.org> * Copyright (c) 2006, 2016 Damien Miller <djm@openbsd.org> @@ -141,24 +141,29 @@ csi_dh_shared_free(struct csi_dh_shared *cdhs) int csi_dh_set_params(struct csi_dh *cdh, struct csi_dh_params *params) { + BIGNUM *p = NULL, *g = NULL; + if (csi_dh_init(cdh) == -1) goto err; - if (csi_integer_to_bn(&cdh->err, "p", ¶ms->p, - &cdh->dh->p) == -1) + if (csi_integer_to_bn(&cdh->err, "p", ¶ms->p, &p) == -1) + goto err; + if (csi_integer_to_bn(&cdh->err, "g", ¶ms->g, &g) == -1) goto err; - if (csi_integer_to_bn(&cdh->err, "g", ¶ms->g, - &cdh->dh->g) == -1) + if (!DH_set0_pqg(cdh->dh, p, NULL, g)) goto err; return 0; err: + BN_free(p); + BN_free(g); + return -1; } int -csi_dh_public_is_valid(struct csi_dh *cdh, BIGNUM *pubkey) +csi_dh_public_is_valid(struct csi_dh *cdh, const BIGNUM *pubkey) { BIGNUM *tmp = NULL; int bits_set = 0; @@ -182,7 +187,7 @@ csi_dh_public_is_valid(struct csi_dh *cdh, BIGNUM *pubkey) goto bad; } - if (!BN_sub(tmp, cdh->dh->p, BN_value_one()) || + if (!BN_sub(tmp, DH_get0_p(cdh->dh), BN_value_one()) || BN_cmp(pubkey, tmp) != -1) { csi_err_setx(&cdh->err, CSI_ERR_INVAL, "invalid DH public key value (>= p-1)"); @@ -199,7 +204,7 @@ csi_dh_public_is_valid(struct csi_dh *cdh, BIGNUM *pubkey) if (bits_set < 4) { csi_err_setx(&cdh->err, CSI_ERR_INVAL, "invalid DH public key value (%d/%d bits)", - bits_set, BN_num_bits(cdh->dh->p)); + bits_set, BN_num_bits(DH_get0_p(cdh->dh))); goto bad; } @@ -243,9 +248,9 @@ csi_dh_params(struct csi_dh *cdh) if ((cdhp = calloc(1, sizeof(*cdhp))) == NULL) goto errmem; - if (csi_bn_to_integer(&cdh->err, cdh->dh->p, &cdhp->p) != 0) + if (csi_bn_to_integer(&cdh->err, DH_get0_p(cdh->dh), &cdhp->p) != 0) goto err; - if (csi_bn_to_integer(&cdh->err, cdh->dh->g, &cdhp->g) != 0) + if (csi_bn_to_integer(&cdh->err, DH_get0_g(cdh->dh), &cdhp->g) != 0) goto err; return cdhp; @@ -265,7 +270,8 @@ csi_dh_public_key(struct csi_dh *cdh) if ((cdhp = calloc(1, sizeof(*cdhp))) == NULL) goto errmem; - if (csi_bn_to_integer(&cdh->err, cdh->dh->pub_key, &cdhp->key) != 0) + if (csi_bn_to_integer(&cdh->err, DH_get0_pub_key(cdh->dh), + &cdhp->key) != 0) goto err; return cdhp; @@ -324,7 +330,7 @@ csi_dh_generate_keys(struct csi_dh *cdh, size_t length, */ length *= 2; - if ((pbits = BN_num_bits(cdh->dh->p)) <= 0) { + if ((pbits = BN_num_bits(DH_get0_p(cdh->dh))) <= 0) { csi_err_setx(&cdh->err, CSI_ERR_CRYPTO, "invalid p bignum"); goto err; @@ -335,7 +341,8 @@ csi_dh_generate_keys(struct csi_dh *cdh, size_t length, goto err; } - cdh->dh->length = MINIMUM((int)length, pbits - 1); + if (!DH_set_length(cdh->dh, MINIMUM((int)length, pbits - 1))) + goto err; } if (!DH_generate_key(cdh->dh)) { @@ -343,7 +350,7 @@ csi_dh_generate_keys(struct csi_dh *cdh, size_t length, goto err; } - if (!csi_dh_public_is_valid(cdh, cdh->dh->pub_key)) + if (!csi_dh_public_is_valid(cdh, DH_get0_pub_key(cdh->dh))) goto err; if (public != NULL) { diff --git a/lib/libcsi/csi_internal.h b/lib/libcsi/csi_internal.h index 74e6a640dc1..ab331e1330c 100644 --- a/lib/libcsi/csi_internal.h +++ b/lib/libcsi/csi_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: csi_internal.h,v 1.2 2018/06/02 17:43:14 jsing Exp $ */ +/* $OpenBSD: csi_internal.h,v 1.3 2022/01/10 23:03:07 tb Exp $ */ /* * Copyright (c) 2018 Joel Sing <jsing@openbsd.org> * @@ -49,11 +49,11 @@ int csi_err_setx(struct csi_err *_err, u_int _code, const char *_fmt, ...); int csi_integer_to_bn(struct csi_err *_err, const char *_field, struct csi_integer *_value, BIGNUM **_bn); -int csi_bn_to_integer(struct csi_err *_err, BIGNUM *_bn, +int csi_bn_to_integer(struct csi_err *_err, const BIGNUM *_bn, struct csi_integer *_integer); struct csi_dh_params *csi_dh_params_dup(struct csi_dh_params *_cdhp); -int csi_dh_public_is_valid(struct csi_dh *_cdh, BIGNUM *_pubkey); +int csi_dh_public_is_valid(struct csi_dh *_cdh, const BIGNUM *_pubkey); __END_HIDDEN_DECLS diff --git a/lib/libcsi/csi_util.c b/lib/libcsi/csi_util.c index a0f06f9999c..6aadf5fa0ea 100644 --- a/lib/libcsi/csi_util.c +++ b/lib/libcsi/csi_util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: csi_util.c,v 1.1 2018/06/02 17:40:33 jsing Exp $ */ +/* $OpenBSD: csi_util.c,v 1.2 2022/01/10 23:03:07 tb Exp $ */ /* * Copyright (c) 2018 Joel Sing <jsing@openbsd.org> * @@ -44,7 +44,8 @@ csi_integer_to_bn(struct csi_err *err, const char *field, } int -csi_bn_to_integer(struct csi_err *err, BIGNUM *bn, struct csi_integer *integer) +csi_bn_to_integer(struct csi_err *err, const BIGNUM *bn, + struct csi_integer *integer) { uint8_t *b = NULL; int len = 0; |