diff options
| -rw-r--r-- | apps/dsaparam.c | 88 | ||||
| -rw-r--r-- | apps/gendh.c | 6 | ||||
| -rw-r--r-- | apps/genrsa.c | 6 | ||||
| -rw-r--r-- | apps/req.c | 6 | ||||
| -rw-r--r-- | apps/s_server.c | 6 | ||||
| -rw-r--r-- | crypto/bn/Makefile.ssl | 6 | ||||
| -rw-r--r-- | crypto/bn/bn.h | 28 | ||||
| -rw-r--r-- | crypto/bn/bn_depr.c | 114 | ||||
| -rw-r--r-- | crypto/bn/bn_prime.c | 80 | ||||
| -rw-r--r-- | crypto/bn/bntest.c | 6 | ||||
| -rw-r--r-- | crypto/dh/Makefile.ssl | 4 | ||||
| -rw-r--r-- | crypto/dh/dh.h | 8 | ||||
| -rw-r--r-- | crypto/dh/dh_check.c | 4 | ||||
| -rw-r--r-- | crypto/dh/dh_depr.c | 81 | ||||
| -rw-r--r-- | crypto/dh/dh_gen.c | 31 | ||||
| -rw-r--r-- | crypto/dh/dhtest.c | 6 | ||||
| -rw-r--r-- | crypto/dsa/Makefile.ssl | 4 | ||||
| -rw-r--r-- | crypto/dsa/dsa.h | 10 | ||||
| -rw-r--r-- | crypto/dsa/dsa_depr.c | 104 | ||||
| -rw-r--r-- | crypto/dsa/dsa_gen.c | 42 | ||||
| -rw-r--r-- | crypto/dsa/dsatest.c | 6 | ||||
| -rw-r--r-- | crypto/ec/ectest.c | 10 | ||||
| -rw-r--r-- | crypto/ecdsa/ecdsatest.c | 8 | ||||
| -rw-r--r-- | crypto/rsa/Makefile.ssl | 4 | ||||
| -rw-r--r-- | crypto/rsa/rsa.h | 8 | ||||
| -rw-r--r-- | crypto/rsa/rsa_chk.c | 4 | ||||
| -rw-r--r-- | crypto/rsa/rsa_depr.c | 83 | ||||
| -rw-r--r-- | crypto/rsa/rsa_gen.c | 58 | ||||
| -rw-r--r-- | doc/crypto/SSLeay_version.pod | 74 | ||||
| -rw-r--r-- | ssl/ssl.h | 2 | ||||
| -rw-r--r-- | ssl/ssltest.c | 14 |
31 files changed, 122 insertions, 789 deletions
diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 63e2cab45f..320d76f632 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -56,12 +56,6 @@ * [including the GNU Public Licence.] */ -/* Until the key-gen callbacks are modified to use newer prototypes, we allow - * deprecated functions for openssl-internal code */ -#ifdef OPENSSL_NO_DEPRECATED -#undef OPENSSL_NO_DEPRECATED -#endif - #ifndef OPENSSL_NO_DSA #include <assert.h> #include <stdio.h> @@ -88,23 +82,9 @@ * -C * -noout * -genkey - * #ifdef GENCB_TEST - * -timebomb n - interrupt keygen after <n> seconds - * #endif */ -#ifdef GENCB_TEST - -static int stop_keygen_flag = 0; - -void timebomb_sigalarm(int foo) - { - stop_keygen_flag = 1; - } - -#endif - -static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb); +static void MS_CALLBACK dsa_cb(int p, int n, void *arg); int MAIN(int, char **); @@ -119,9 +99,6 @@ int MAIN(int argc, char **argv) int numbits= -1,num,genkey=0; int need_rand=0; char *engine=NULL; -#ifdef GENCB_TEST - int timebomb=0; -#endif apps_startup(); @@ -167,13 +144,6 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; engine = *(++argv); } -#ifdef GENCB_TEST - else if(strcmp(*argv, "-timebomb") == 0) - { - if (--argc < 1) goto bad; - timebomb = atoi(*(++argv)); - } -#endif else if (strcmp(*argv,"-text") == 0) text=1; else if (strcmp(*argv,"-C") == 0) @@ -222,9 +192,6 @@ bad: BIO_printf(bio_err," -genkey generate a DSA key\n"); BIO_printf(bio_err," -rand files to use for random number input\n"); BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); -#ifdef GENCB_TEST - BIO_printf(bio_err," -timebomb n interrupt keygen after <n> seconds\n"); -#endif BIO_printf(bio_err," number number of bits to use for generating private key\n"); goto end; } @@ -280,50 +247,10 @@ bad: if (numbits > 0) { - BN_GENCB cb; - cb.ver = 2; - cb.cb_2 = dsa_cb; - cb.arg = bio_err; - assert(need_rand); - dsa = DSA_new(); - if(!dsa) - { - BIO_printf(bio_err,"Error allocating DSA object\n"); - goto end; - } BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); BIO_printf(bio_err,"This could take some time\n"); -#ifdef GENCB_TEST - if(timebomb > 0) - { - struct sigaction act; - act.sa_handler = timebomb_sigalarm; - act.sa_flags = 0; - BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n", - timebomb); - if(sigaction(SIGALRM, &act, NULL) != 0) - { - BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n"); - goto end; - } - alarm(timebomb); - } -#endif - if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb)) - { -#ifdef GENCB_TEST - if(stop_keygen_flag) - { - BIO_printf(bio_err,"DSA key generation time-stopped\n"); - /* This is an asked-for behaviour! */ - ret = 0; - goto end; - } -#endif - BIO_printf(bio_err,"Error, DSA key generation failed\n"); - goto end; - } + dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, dsa_cb,bio_err); } else if (informat == FORMAT_ASN1) dsa=d2i_DSAparams_bio(in,NULL); @@ -448,7 +375,7 @@ end: OPENSSL_EXIT(ret); } -static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb) +static void MS_CALLBACK dsa_cb(int p, int n, void *arg) { char c='*'; @@ -456,15 +383,10 @@ static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write(cb->arg,&c,1); - (void)BIO_flush(cb->arg); + BIO_write(arg,&c,1); + (void)BIO_flush(arg); #ifdef LINT p=n; #endif -#ifdef GENCB_TEST - if(stop_keygen_flag) - return 0; -#endif - return 1; } #endif diff --git a/apps/gendh.c b/apps/gendh.c index 574a13a57a..98ee413c74 100644 --- a/apps/gendh.c +++ b/apps/gendh.c @@ -57,12 +57,6 @@ * [including the GNU Public Licence.] */ -/* Until the key-gen callbacks are modified to use newer prototypes, we allow - * deprecated functions for openssl-internal code */ -#ifdef OPENSSL_NO_DEPRECATED -#undef OPENSSL_NO_DEPRECATED -#endif - #ifndef OPENSSL_NO_DH #include <stdio.h> #include <string.h> diff --git a/apps/genrsa.c b/apps/genrsa.c index 6079688ce9..dbc23e40aa 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -56,12 +56,6 @@ * [including the GNU Public Licence.] */ -/* Until the key-gen callbacks are modified to use newer prototypes, we allow - * deprecated functions for openssl-internal code */ -#ifdef OPENSSL_NO_DEPRECATED -#undef OPENSSL_NO_DEPRECATED -#endif - #ifndef OPENSSL_NO_RSA #include <stdio.h> #include <string.h> diff --git a/apps/req.c b/apps/req.c index 4dca798e4a..a582e69775 100644 --- a/apps/req.c +++ b/apps/req.c @@ -56,12 +56,6 @@ * [including the GNU Public Licence.] */ -/* Until the key-gen callbacks are modified to use newer prototypes, we allow - * deprecated functions for openssl-internal code */ -#ifdef OPENSSL_NO_DEPRECATED -#undef OPENSSL_NO_DEPRECATED -#endif - #include <stdio.h> #include <stdlib.h> #include <time.h> diff --git a/apps/s_server.c b/apps/s_server.c index 39013c2b0b..aa7ff66b70 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -114,12 +114,6 @@ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ -/* Until the key-gen callbacks are modified to use newer prototypes, we allow - * deprecated functions for openssl-internal code */ -#ifdef OPENSSL_NO_DEPRECATED -#undef OPENSSL_NO_DEPRECATED -#endif - #include <assert.h> #include <stdio.h> #include <stdlib.h> diff --git a/crypto/bn/Makefile.ssl b/crypto/bn/Makefile.ssl index 459a0693ed..d0b64585ed 100644 --- a/crypto/bn/Makefile.ssl +++ b/crypto/bn/Makefile.ssl @@ -39,14 +39,12 @@ LIB=$(TOP)/libcrypto.a LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \ bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \ - bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \ - bn_depr.c + bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \ bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \ bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \ - bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \ - bn_depr.o + bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o SRC= $(LIBSRC) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index c1b5b41935..403add94b0 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -287,23 +287,6 @@ typedef struct bn_recp_ctx_st int flags; } BN_RECP_CTX; -/* Used for slow "generation" functions. */ -typedef struct bn_gencb_st BN_GENCB; -struct bn_gencb_st - { - unsigned int ver; /* To handle binary (in)compatibility */ - void *arg; /* callback-specific data */ - union - { - /* if(ver==1) - handles old style callbacks */ - void (*cb_1)(int, int, void *); - /* if(ver==2) - new callback style */ - int (*cb_2)(int, int, BN_GENCB *); - }; - }; -/* Wrapper function to make using BN_GENCB easier, */ -int BN_GENCB_call(BN_GENCB *cb, int a, int b); - #define BN_prime_checks 0 /* default: select number of iterations based on the size of the number */ @@ -448,9 +431,6 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); BIGNUM *BN_mod_sqrt(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); - -/* Deprecated versions */ -#ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, const BIGNUM *add, const BIGNUM *rem, void (*callback)(int,int,void *),void *cb_arg); @@ -460,14 +440,6 @@ int BN_is_prime(const BIGNUM *p,int nchecks, int BN_is_prime_fasttest(const BIGNUM *p,int nchecks, void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg, int do_trial_division); -#endif /* !defined(OPENSSL_NO_DEPRECATED) */ - -/* Newer versions */ -int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add, - const BIGNUM *rem, BN_GENCB *cb); -int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb); -int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, - int do_trial_division, BN_GENCB *cb); BN_MONT_CTX *BN_MONT_CTX_new(void ); void BN_MONT_CTX_init(BN_MONT_CTX *ctx); diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c deleted file mode 100644 index 76c349833c..0000000000 --- a/crypto/bn/bn_depr.c +++ /dev/null @@ -1,114 +0,0 @@ -/* crypto/bn/bn_depr.c */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* Support for deprecated functions goes here - static linkage will only slurp - * this code if applications are using them directly. */ - -#include <stdio.h> -#include <time.h> -#include "cryptlib.h" -#include "bn_lcl.h" -#include <openssl/rand.h> - -BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, - const BIGNUM *add, const BIGNUM *rem, - void (*callback)(int,int,void *), void *cb_arg) - { - BN_GENCB cb; - BIGNUM *rnd=NULL; - int found = 0; - - cb.ver = 1; - cb.arg = cb_arg; - cb.cb_1 = callback; - - if (ret == NULL) - { - if ((rnd=BN_new()) == NULL) goto err; - } - else - rnd=ret; - if(!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb)) - goto err; - - /* we have a prime :-) */ - found = 1; -err: - if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd); - return(found ? rnd : NULL); - } - -int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *), - BN_CTX *ctx_passed, void *cb_arg) - { - BN_GENCB cb; - cb.ver = 1; - cb.arg = cb_arg; - cb.cb_1 = callback; - return BN_is_prime_ex(a, checks, ctx_passed, &cb); - } - -int BN_is_prime_fasttest(const BIGNUM *a, int checks, - void (*callback)(int,int,void *), - BN_CTX *ctx_passed, void *cb_arg, - int do_trial_division) - { - BN_GENCB cb; - cb.ver = 1; - cb.arg = cb_arg; - cb.cb_1 = callback; - return BN_is_prime_fasttest_ex(a, checks, ctx_passed, - do_trial_division, &cb); - } diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index a9ec01d916..918b9237c6 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -115,11 +115,6 @@ #include "bn_lcl.h" #include <openssl/rand.h> -/* NB: these functions have been "upgraded", the deprecated versions (which are - * compatibility wrappers using these functions) are in bn_depr.c. - * - Geoff - */ - /* The quick sieve algorithm approach to weeding out primes is * Philip Zimmermann's, as implemented in PGP. I have had a read of * his comments and implemented my own version. @@ -134,29 +129,11 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); -int BN_GENCB_call(BN_GENCB *cb, int a, int b) - { - /* No callback means continue */ - if(!cb) return 1; - switch(cb->ver) - { - case 1: - /* Deprecated-style callbacks */ - cb->cb_1(a, b, cb->arg); - return 1; - case 2: - /* New-style callbacks */ - return cb->cb_2(a, b, cb); - default: - break; - } - /* Unrecognised callback type */ - return 0; - } - -int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, - const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb) +BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, const BIGNUM *rem, + void (*callback)(int,int,void *), void *cb_arg) { + BIGNUM *rnd=NULL; BIGNUM t; int found=0; int i,j,c1=0; @@ -165,34 +142,38 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, ctx=BN_CTX_new(); if (ctx == NULL) goto err; + if (ret == NULL) + { + if ((rnd=BN_new()) == NULL) goto err; + } + else + rnd=ret; BN_init(&t); loop: /* make a random number and set the top and bottom bits */ if (add == NULL) { - if (!probable_prime(ret,bits)) goto err; + if (!probable_prime(rnd,bits)) goto err; } else { if (safe) { - if (!probable_prime_dh_safe(ret,bits,add,rem,ctx)) + if (!probable_prime_dh_safe(rnd,bits,add,rem,ctx)) goto err; } else { - if (!probable_prime_dh(ret,bits,add,rem,ctx)) + if (!probable_prime_dh(rnd,bits,add,rem,ctx)) goto err; } } - /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */ - if(!BN_GENCB_call(cb, 0, c1++)) - /* aborted */ - goto err; + /* if (BN_mod_word(rnd,(BN_ULONG)3) == 1) goto loop; */ + if (callback != NULL) callback(0,c1++,cb_arg); if (!safe) { - i=BN_is_prime_fasttest_ex(ret,checks,ctx,0,cb); + i=BN_is_prime_fasttest(rnd,checks,callback,ctx,cb_arg,0); if (i == -1) goto err; if (i == 0) goto loop; } @@ -202,38 +183,41 @@ loop: * check that (p-1)/2 is prime. * Since a prime is odd, We just * need to divide by 2 */ - if (!BN_rshift1(&t,ret)) goto err; + if (!BN_rshift1(&t,rnd)) goto err; for (i=0; i<checks; i++) { - j=BN_is_prime_fasttest_ex(ret,1,ctx,0,cb); + j=BN_is_prime_fasttest(rnd,1,callback,ctx,cb_arg,0); if (j == -1) goto err; if (j == 0) goto loop; - j=BN_is_prime_fasttest_ex(&t,1,ctx,0,cb); + j=BN_is_prime_fasttest(&t,1,callback,ctx,cb_arg,0); if (j == -1) goto err; if (j == 0) goto loop; - if(!BN_GENCB_call(cb, 2, c1-1)) - goto err; + if (callback != NULL) callback(2,c1-1,cb_arg); /* We have a safe prime test pass */ } } /* we have a prime :-) */ found = 1; err: + if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd); BN_free(&t); if (ctx != NULL) BN_CTX_free(ctx); - return found; + return(found ? rnd : NULL); } -int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_GENCB *cb) +int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *), + BN_CTX *ctx_passed, void *cb_arg) { - return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb); + return BN_is_prime_fasttest(a, checks, callback, ctx_passed, cb_arg, 0); } -int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, - int do_trial_division, BN_GENCB *cb) +int BN_is_prime_fasttest(const BIGNUM *a, int checks, + void (*callback)(int,int,void *), + BN_CTX *ctx_passed, void *cb_arg, + int do_trial_division) { int i, j, ret = -1; int k; @@ -256,8 +240,7 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, for (i = 1; i < NUMPRIMES; i++) if (BN_mod_word(a, primes[i]) == 0) return 0; - if(!BN_GENCB_call(cb, 1, -1)) - goto err; + if (callback != NULL) callback(1, -1, cb_arg); } if (ctx_passed != NULL) @@ -323,8 +306,7 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, ret=0; goto err; } - if(!BN_GENCB_call(cb, 1, i)) - goto err; + if (callback != NULL) callback(1,i,cb_arg); } ret=1; err: diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c index 0149e8c3c4..d87ccf9c6a 100644 --- a/crypto/bn/bntest.c +++ b/crypto/bn/bntest.c @@ -69,12 +69,6 @@ * */ -/* Until the key-gen callbacks are modified to use newer prototypes, we allow - * deprecated functions for openssl-internal code */ -#ifdef OPENSSL_NO_DEPRECATED -#undef OPENSSL_NO_DEPRECATED -#endif - #include <stdio.h> #include <stdlib.h> #include <string.h> diff --git a/crypto/dh/Makefile.ssl b/crypto/dh/Makefile.ssl index c1ed5ad920..e1cb248db5 100644 --- a/crypto/dh/Makefile.ssl +++ b/crypto/dh/Makefile.ssl @@ -23,8 +23,8 @@ TEST= dhtest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c -LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o +LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c +LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o SRC= $(LIBSRC) diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index cab9b1493d..05851f8429 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -165,16 +165,8 @@ int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int DH_set_ex_data(DH *d, int idx, void *arg); void *DH_get_ex_data(DH *d, int idx); - -/* Deprecated version */ -#ifndef OPENSSL_NO_DEPRECATED DH * DH_generate_parameters(int prime_len,int generator, void (*callback)(int,int,void *),void *cb_arg); -#endif /* !defined(OPENSSL_NO_DEPRECATED) */ - -/* New version */ -int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb); - int DH_check(const DH *dh,int *codes); int DH_generate_key(DH *dh); int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh); diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index bfc9c3ad76..f0373f7d68 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -104,12 +104,12 @@ int DH_check(const DH *dh, int *ret) else *ret|=DH_UNABLE_TO_CHECK_GENERATOR; - if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL)) + if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL)) *ret|=DH_CHECK_P_NOT_PRIME; else { if (!BN_rshift1(q,dh->p)) goto err; - if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL)) + if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL)) *ret|=DH_CHECK_P_NOT_SAFE_PRIME; } ok=1; diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c deleted file mode 100644 index 8a909b1959..0000000000 --- a/crypto/dh/dh_depr.c +++ /dev/null @@ -1,81 +0,0 @@ -/* crypto/dh/dh_depr.c */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - - -/* This file contains deprecated functions as wrappers to the new ones */ - -#include <stdio.h> -#include "cryptlib.h" -#include <openssl/bn.h> -#include <openssl/dh.h> - -DH *DH_generate_parameters(int prime_len, int generator, - void (*callback)(int,int,void *), void *cb_arg) - { - BN_GENCB cb; - DH *ret=NULL; - - if((ret=DH_new()) == NULL) - return NULL; - - cb.ver = 1; - cb.arg = cb_arg; - cb.cb_1 = callback; - - if(DH_generate_parameters_ex(ret, prime_len, generator, &cb)) - return ret; - DH_free(ret); - return NULL; - } diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index a929a0f064..06f78b35ab 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -56,11 +56,6 @@ * [including the GNU Public Licence.] */ -/* NB: These functions have been upgraded - the previous prototypes are in - * dh_depr.c as wrappers to these ones. - * - Geoff - */ - #include <stdio.h> #include "cryptlib.h" #include <openssl/bn.h> @@ -91,22 +86,22 @@ * It's just as OK (and in some sense better) to use a generator of the * order-q subgroup. */ -int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) +DH *DH_generate_parameters(int prime_len, int generator, + void (*callback)(int,int,void *), void *cb_arg) { - BIGNUM *t1,*t2; + BIGNUM *p=NULL,*t1,*t2; + DH *ret=NULL; int g,ok= -1; BN_CTX *ctx=NULL; + ret=DH_new(); + if (ret == NULL) goto err; ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); t1 = BN_CTX_get(ctx); t2 = BN_CTX_get(ctx); if (t1 == NULL || t2 == NULL) goto err; |