X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/a7ca62755454c07c1f87f93ec6643825041481c2..1431a9004eca672916d485091f3db0a20954a9a0:/dh.c diff --git a/dh.c b/dh.c index 982064f5..33187e02 100644 --- a/dh.c +++ b/dh.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: dh.c,v 1.13 2001/04/04 23:09:17 markus Exp $"); +RCSID("$OpenBSD: dh.c,v 1.21 2002/03/06 00:23:27 markus Exp $"); #include "xmalloc.h" @@ -39,7 +39,7 @@ RCSID("$OpenBSD: dh.c,v 1.13 2001/04/04 23:09:17 markus Exp $"); #include "log.h" #include "misc.h" -int +static int parse_prime(int linenum, char *line, struct dhgroup *dhg) { char *cp, *arg; @@ -78,12 +78,14 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg) if (cp != NULL || *prime == '\0') goto fail; - dhg->g = BN_new(); - dhg->p = BN_new(); - if (BN_hex2bn(&dhg->g, gen) < 0) + if ((dhg->g = BN_new()) == NULL) + fatal("parse_prime: BN_new failed"); + if ((dhg->p = BN_new()) == NULL) + fatal("parse_prime: BN_new failed"); + if (BN_hex2bn(&dhg->g, gen) == 0) goto failclean; - if (BN_hex2bn(&dhg->p, prime) < 0) + if (BN_hex2bn(&dhg->p, prime) == 0) goto failclean; if (BN_num_bits(dhg->p) != dhg->size) @@ -92,8 +94,8 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg) return (1); failclean: - BN_free(dhg->g); - BN_free(dhg->p); + BN_clear_free(dhg->g); + BN_clear_free(dhg->p); fail: error("Bad prime description in line %d", linenum); return (0); @@ -103,14 +105,14 @@ DH * choose_dh(int min, int wantbits, int max) { FILE *f; - char line[1024]; + char line[2048]; int best, bestcount, which; int linenum; struct dhgroup dhg; - f = fopen(_PATH_DH_PRIMES, "r"); - if (!f) { - log("WARNING: %s does not exist, using old prime", _PATH_DH_PRIMES); + if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL && + (f = fopen(_PATH_DH_PRIMES, "r")) == NULL) { + log("WARNING: %s does not exist, using old modulus", _PATH_DH_MODULI); return (dh_new_group1()); } @@ -120,8 +122,8 @@ choose_dh(int min, int wantbits, int max) linenum++; if (!parse_prime(linenum, line, &dhg)) continue; - BN_free(dhg.g); - BN_free(dhg.p); + BN_clear_free(dhg.g); + BN_clear_free(dhg.p); if (dhg.size > max || dhg.size < min) continue; @@ -134,18 +136,14 @@ choose_dh(int min, int wantbits, int max) if (dhg.size == best) bestcount++; } - fclose (f); + rewind(f); if (bestcount == 0) { + fclose(f); log("WARNING: no suitable primes in %s", _PATH_DH_PRIMES); return (NULL); } - f = fopen(_PATH_DH_PRIMES, "r"); - if (!f) { - fatal("WARNING: %s disappeared, giving up", _PATH_DH_PRIMES); - } - linenum = 0; which = arc4random() % bestcount; while (fgets(line, sizeof(line), f)) { @@ -154,8 +152,8 @@ choose_dh(int min, int wantbits, int max) if ((dhg.size > max || dhg.size < min) || dhg.size != best || linenum++ != which) { - BN_free(dhg.g); - BN_free(dhg.p); + BN_clear_free(dhg.g); + BN_clear_free(dhg.p); continue; } break; @@ -205,9 +203,8 @@ dh_gen_key(DH *dh, int need) BN_num_bits(dh->p), 2*need); do { if (dh->priv_key != NULL) - BN_free(dh->priv_key); - dh->priv_key = BN_new(); - if (dh->priv_key == NULL) + BN_clear_free(dh->priv_key); + if ((dh->priv_key = BN_new()) == NULL) fatal("dh_gen_key: BN_new failed"); /* generate a 2*need bits random private exponent */ if (!BN_rand(dh->priv_key, 2*need, 0, 0)) @@ -228,15 +225,13 @@ DH * dh_new_group_asc(const char *gen, const char *modulus) { DH *dh; - int ret; - dh = DH_new(); - if (dh == NULL) - fatal("DH_new"); + if ((dh = DH_new()) == NULL) + fatal("dh_new_group_asc: DH_new"); - if ((ret = BN_hex2bn(&dh->p, modulus)) < 0) + if (BN_hex2bn(&dh->p, modulus) == 0) fatal("BN_hex2bn p"); - if ((ret = BN_hex2bn(&dh->g, gen)) < 0) + if (BN_hex2bn(&dh->g, gen) == 0) fatal("BN_hex2bn g"); return (dh); @@ -252,9 +247,8 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulus) { DH *dh; - dh = DH_new(); - if (dh == NULL) - fatal("DH_new"); + if ((dh = DH_new()) == NULL) + fatal("dh_new_group: DH_new"); dh->p = modulus; dh->g = gen;