author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-10-27 09:51:11 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-10-27 09:51:11 +0000 |
commit | c6efe30c16a6a0035e3e4bbf57971d96afa9944b (patch) | |
tree | c22c2d58134dabc64bc788f1851beb5ac7d04a93 | |
parent | b613005c0d8380b24315cdca7cc7f6e1f390127a (diff) | |
download | gnutls-c6efe30c16a6a0035e3e4bbf57971d96afa9944b.tar.gz |
Used the new gcrypt API for generating primes and groups.
-rw-r--r-- | configure.in | 2 | ||||
-rw-r--r-- | lib/gnutls_dh_primes.c | 77 |
2 files changed, 59 insertions, 20 deletions
diff --git a/configure.in b/configure.in
index 2fd1dfd15e..93a0f9c815 100644
--- a/configure.in
+++ b/configure.in
@@ -17,7 +17,7 @@ GNUTLS_VERSION=$GNUTLS_MAJOR_VERSION.$GNUTLS_MINOR_VERSION.$GNUTLS_MICRO_VERSION
 AC_DEFINE_UNQUOTED(GNUTLS_VERSION, "$GNUTLS_VERSION", [version of gnutls])
-GNUTLS_GCRYPT_VERSION=1.1.43
+GNUTLS_GCRYPT_VERSION=1.1.44
 AC_DEFINE_UNQUOTED(GNUTLS_GCRYPT_VERSION, "$GNUTLS_GCRYPT_VERSION", [version of gnutls])
 AM_INIT_AUTOMAKE(gnutls, $GNUTLS_VERSION, [version of gnutls])
diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c
index 075968f704..7e7cc29f9b 100644
--- a/lib/gnutls_dh_primes.c
+++ b/lib/gnutls_dh_primes.c
@@ -61,38 +61,70 @@ int _gnutls_get_dh_params(gnutls_dh_params dh_primes,
 return 0;
 }
-/* These should be added in gcrypt.h */
-GNUTLS_MPI _gcry_generate_elg_prime(int mode, unsigned pbits,
- unsigned qbits, GNUTLS_MPI g,
- GNUTLS_MPI ** ret_factors);
-
 int _gnutls_dh_generate_prime(GNUTLS_MPI * ret_g, GNUTLS_MPI * ret_n,
 unsigned int bits)
 {
- GNUTLS_MPI g, prime;
- int qbits;
-
+ GNUTLS_MPI g=NULL, prime=NULL;
+ gcry_error_t err;
+ int result, times = 0, qbits;
+ GNUTLS_MPI *factors = NULL;
+
 g = mpi_new(16); /* this should be ok */
 if (g == NULL) {
 gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
 }
- /* generate a random prime */
- /* this is an emulation of Michael Wiener's table
- * bad emulation.
+ prime = mpi_new(32);
+ if (prime == NULL) {
+ gnutls_assert();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ /* Calculate the size of a prime factor of (prime-1)/2.
+ * This is a bad emulation of Michael Wiener's table
 */
- qbits = 120 + (((bits / 256) - 1) * 20);
- if (qbits & 1) /* better have an even number */
- qbits++;
+ qbits = 120 + (((bits / 256) - 1) * 20);
+ if (qbits & 1) /* better have an even number */
+ qbits++;
- prime = _gcry_generate_elg_prime(0, bits, qbits, g, NULL);
- if (prime == NULL) {
+ /* find a prime number of size bits.
+ */
+ do {
+ err = gcry_prime_generate( &prime, bits, qbits,
+ &factors, NULL, NULL, GCRY_STRONG_RANDOM,
+ GCRY_PRIME_FLAG_SPECIAL_FACTOR);
+
+ if (err != 0) {
+ gnutls_assert();
+ result = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ err = gcry_prime_check( prime, 0);
+
+ times++;
+ } while( err != 0 && times < 10);
+
+ if (err != 0) {
 gnutls_assert();
- _gnutls_mpi_release(&g);
- return GNUTLS_E_MEMORY_ERROR;
+ result = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
 }
+ /* generate the group generator.
+ */
+ err = gcry_prime_group_generator (&g, prime, factors, NULL);
+ if (err != 0) {
+ gnutls_assert();
+ result = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ gcry_prime_release_factors (factors); factors = NULL;
+
 if (ret_g)
 *ret_g = g;
 else
@@ -104,6 +136,13 @@ int _gnutls_dh_generate_prime(GNUTLS_MPI * ret_g, GNUTLS_MPI * ret_n,
 return 0;
+ cleanup:
+ gcry_prime_release_factors (factors);
+ _gnutls_mpi_release(&g);
+ _gnutls_mpi_release(&prime);
+
+ return result;
+
 }
 /* Replaces the prime in the static DH parameters, with a randomly |
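Review bot: The MPIs pre-allocated with `mpi_new(16)` and `mpi_new(32)` look like they are leaked, because `gcry_prime_generate( &prime, ...)` and `gcry_prime_group_generator (&g, ...)` take the address of the handle and, as far as I know the gcrypt API, store a newly allocated MPI there without freeing the old one. The same applies inside the `do ... while` retry loop: when `gcry_prime_check` rejects a candidate, the next iteration overwrites `prime` and `factors` without releasing the previous pair, which adds up in a server that regenerates DH parameters periodically. I would drop the two `mpi_new` calls and start the loop body with `if (times) { _gnutls_mpi_release(&prime); gcry_prime_release_factors (factors); factors = NULL; }`. Separately, `qbits` is still derived from `bits / 256` with no lower bound on the unsigned `bits`, so a request below 256 bits gets its factor size from unsigned wrap-around; an explicit minimum check before the computation would make the accepted range visible. The function continues past the end of this hunk.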
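Review bot: The `cleanup:` path calls `gcry_prime_release_factors (factors)` while `factors` can still be NULL, at least for both `mpi_new` failure branches, and that is only safe if the gcrypt function tolerates a NULL argument, which this diff does not show. Either guard the call, `if (factors) gcry_prime_release_factors (factors);`, or document the assumption at the label with a comment such as `/* factors may be NULL here; gcry_prime_release_factors must accept that */`. The function starts above this hunk, so the branches that jump here are only visible in the previous one.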