*/
#include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.24 2003/04/08 20:21:28 itojun Exp $");
+RCSID("$OpenBSD: dh.c,v 1.29 2004/02/27 22:49:27 dtucker Exp $");
#include "xmalloc.h"
if (BN_num_bits(dhg->p) != dhg->size)
goto failclean;
+ if (BN_is_zero(dhg->g) || BN_is_one(dhg->g))
+ goto failclean;
+
return (1);
failclean:
choose_dh(int min, int wantbits, int max)
{
FILE *f;
- char line[2048];
+ char line[4096];
int best, bestcount, which;
int linenum;
struct dhgroup dhg;
void
dh_gen_key(DH *dh, int need)
{
- int i, bits_set = 0, tries = 0;
+ int i, bits_set, tries = 0;
if (dh->p == NULL)
fatal("dh_gen_key: dh->p == NULL");
- if (2*need >= BN_num_bits(dh->p))
+ if (need > INT_MAX / 2 || 2 * need >= BN_num_bits(dh->p))
fatal("dh_gen_key: group too small: %d (2*need %d)",
BN_num_bits(dh->p), 2*need);
do {
fatal("dh_gen_key: BN_rand failed");
if (DH_generate_key(dh) == 0)
fatal("DH_generate_key");
- for (i = 0; i <= BN_num_bits(dh->priv_key); i++)
+ for (i = 0, bits_set = 0; i <= BN_num_bits(dh->priv_key); i++)
if (BN_is_bit_set(dh->priv_key, i))
bits_set++;
debug2("dh_gen_key: priv key bits set: %d/%d",
dh_estimate(int bits)
{
- if (bits < 64)
- return (512); /* O(2**63) */
- if (bits < 128)
+ if (bits <= 128)
return (1024); /* O(2**86) */
- if (bits < 192)
+ if (bits <= 192)
return (2048); /* O(2**116) */
return (4096); /* O(2**156) */
}