Attachment #1914 for bug #1260

View | Details | Raw Unified | Return to bug 1260
Collapse All | Expand All

Lines 3-9 Link Here

(-)Makefile.inc (-1 / +2 lines)
3	CFLAGS+= -I${.CURDIR}/..	3	CFLAGS+= -I${.CURDIR}/..
4		4
5	CDIAGFLAGS= -Wall	5	CDIAGFLAGS= -Wall
6	#CDIAGFLAGS+= -Werror	6	CDIAGFLAGS+= -Werror
7	CDIAGFLAGS+= -Wpointer-arith	7	CDIAGFLAGS+= -Wpointer-arith
8	CDIAGFLAGS+= -Wno-uninitialized	8	CDIAGFLAGS+= -Wno-uninitialized
9	CDIAGFLAGS+= -Wstrict-prototypes	9	CDIAGFLAGS+= -Wstrict-prototypes
Lines 15-20 CDIAGFLAGS+= -Wshadow Link Here
15		15
16	#DEBUG=-g	16	#DEBUG=-g
17		17
		18	CFLAGS+= -DOPENSSL_NO_DEPRECATED
18	#CFLAGS+= -DJPAKE	19	#CFLAGS+= -DJPAKE
19		20
20	CFLAGS+= -DENABLE_PKCS11	21	CFLAGS+= -DENABLE_PKCS11

Lines 25-30 Link Here

(-)kexdhc.c (+2 lines)
25		25
26	#include <sys/types.h>	26	#include <sys/types.h>
27		27
		28	#include <openssl/dh.h>
		29
28	#include <stdio.h>	30	#include <stdio.h>
29	#include <string.h>	31	#include <string.h>
30	#include <signal.h>	32	#include <signal.h>

Lines 28-33 Link Here

(-)kexdhs.c (+2 lines)
28	#include <string.h>	28	#include <string.h>
29	#include <signal.h>	29	#include <signal.h>
30		30
		31	#include <openssl/dh.h>
		32
31	#include "xmalloc.h"	33	#include "xmalloc.h"
32	#include "buffer.h"	34	#include "buffer.h"
33	#include "key.h"	35	#include "key.h"

Lines 26-31 Link Here

(-)kexgexc.c (+2 lines)
26		26
27	#include <sys/types.h>	27	#include <sys/types.h>
28		28
		29	#include <openssl/dh.h>
		30
29	#include <stdio.h>	31	#include <stdio.h>
30	#include <string.h>	32	#include <string.h>
31	#include <signal.h>	33	#include <signal.h>

Lines 30-35 Link Here

(-)kexgexs.c (+2 lines)
30	#include <string.h>	30	#include <string.h>
31	#include <signal.h>	31	#include <signal.h>
32		32
		33	#include <openssl/dh.h>
		34
33	#include "xmalloc.h"	35	#include "xmalloc.h"
34	#include "buffer.h"	36	#include "buffer.h"
35	#include "key.h"	37	#include "key.h"




static RSA *
rsa_generate_private_key(u_int bits)
{
	RSA *private = RSA_new();
	BIGNUM *f4 = BN_new();

	private = RSA_generate_key(bits, RSA_F4, NULL, NULL);
	if (private == NULL)
		fatal("%s: RSA_new failed", __func__);
	if (f4 == NULL)
		fatal("%s: BN_new failed", __func__);
	if (!BN_set_word(f4, RSA_F4))
		fatal("%s: BN_new failed", __func__);
	if (!RSA_generate_key_ex(private, bits, f4, NULL))
		fatal("%s: key generation failed.", __func__);
	BN_free(f4);
	return private;
}

static DSA*
dsa_generate_private_key(u_int bits)
{
	DSA *private = DSA_new();

	if (private == NULL)
		fatal("%s: DSA_new failed", __func__);
	if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL,
	    NULL, NULL))
		fatal("%s: DSA_generate_parameters failed", __func__);
	if (!DSA_generate_key(private))
		fatal("%s: DSA_generate_key failed.", __func__);
	if (private == NULL)
		fatal("dsa_generate_private_key: NULL.");
	return private;
}





		 * that p is also prime. A single pass will weed out the
		 * vast majority of composite q's.
		 */
		if (BN_is_prime_ex(q, 1, ctx, NULL) <= 0) {
			debug("%10u: q failed first possible prime test",
			    count_in);
			continue;

		 * will show up on the first Rabin-Miller iteration so it
		 * doesn't hurt to specify a high iteration count.
		 */
		if (!BN_is_prime_ex(p, trials, ctx, NULL)) {
			debug("%10u: p is not prime", count_in);
			continue;
		}
		debug("%10u: p is almost certainly prime", count_in);

		/* recheck q more rigorously */
		if (!BN_is_prime_ex(q, trials - 1, ctx, NULL)) {
			debug("%10u: q is not prime", count_in);
			continue;
		}

Return to bug 1260

Lines 871-895 key_size(const Key *k) Link Here

(-)key.c (-8 / +16 lines)
871	static RSA *	871	static RSA *
872	rsa_generate_private_key(u_int bits)	872	rsa_generate_private_key(u_int bits)
873	{	873	{
874	RSA *private;	874	RSA *private = RSA_new();
		875	BIGNUM *f4 = BN_new();
875		876
876	private = RSA_generate_key(bits, RSA_F4, NULL, NULL);
877	if (private == NULL)	877	if (private == NULL)
878	fatal("rsa_generate_private_key: key generation failed.");	878	fatal("%s: RSA_new failed", __func__);
		879	if (f4 == NULL)
		880	fatal("%s: BN_new failed", __func__);
		881	if (!BN_set_word(f4, RSA_F4))
		882	fatal("%s: BN_new failed", __func__);
		883	if (!RSA_generate_key_ex(private, bits, f4, NULL))
		884	fatal("%s: key generation failed.", __func__);
		885	BN_free(f4);
879	return private;	886	return private;
880	}	887	}
881		888
882	static DSA*	889	static DSA*
883	dsa_generate_private_key(u_int bits)	890	dsa_generate_private_key(u_int bits)
884	{	891	{
885	DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);	892	DSA *private = DSA_new();
886		893
887	if (private == NULL)	894	if (private == NULL)
888	fatal("dsa_generate_private_key: DSA_generate_parameters failed");	895	fatal("%s: DSA_new failed", __func__);
		896	if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL,
		897	NULL, NULL))
		898	fatal("%s: DSA_generate_parameters failed", __func__);
889	if (!DSA_generate_key(private))	899	if (!DSA_generate_key(private))
890	fatal("dsa_generate_private_key: DSA_generate_key failed.");	900	fatal("%s: DSA_generate_key failed.", __func__);
891	if (private == NULL)
892	fatal("dsa_generate_private_key: NULL.");
893	return private;	901	return private;
894	}	902	}
895		903

Lines 598-604 prime_test(FILE in, FILE out, u_int32_ Link Here

(-)moduli.c (-3 / +3 lines)
598	* that p is also prime. A single pass will weed out the	598	* that p is also prime. A single pass will weed out the
599	* vast majority of composite q's.	599	* vast majority of composite q's.
600	*/	600	*/
601	if (BN_is_prime(q, 1, NULL, ctx, NULL) <= 0) {	601	if (BN_is_prime_ex(q, 1, ctx, NULL) <= 0) {
602	debug("%10u: q failed first possible prime test",	602	debug("%10u: q failed first possible prime test",
603	count_in);	603	count_in);
604	continue;	604	continue;
Lines 611-624 prime_test(FILE in, FILE out, u_int32_ Link Here
611	* will show up on the first Rabin-Miller iteration so it	611	* will show up on the first Rabin-Miller iteration so it
612	* doesn't hurt to specify a high iteration count.	612	* doesn't hurt to specify a high iteration count.
613	*/	613	*/
614	if (!BN_is_prime(p, trials, NULL, ctx, NULL)) {	614	if (!BN_is_prime_ex(p, trials, ctx, NULL)) {
615	debug("%10u: p is not prime", count_in);	615	debug("%10u: p is not prime", count_in);
616	continue;	616	continue;
617	}	617	}
618	debug("%10u: p is almost certainly prime", count_in);	618	debug("%10u: p is almost certainly prime", count_in);
619		619
620	/* recheck q more rigorously */	620	/* recheck q more rigorously */
621	if (!BN_is_prime(q, trials - 1, NULL, ctx, NULL)) {	621	if (!BN_is_prime_ex(q, trials - 1, ctx, NULL)) {
622	debug("%10u: q is not prime", count_in);	622	debug("%10u: q is not prime", count_in);
623	continue;	623	continue;
624	}	624	}