Add documentation for CMS_EnvelopedData_create()

[openssl.git] / crypto / ffc / ffc_params_generate.c

diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c
index c32c33e8b8b47221b228065a3434a23f4e4d2404..1d8d80c9b4c63e30827aad642a882393e866e92d 100644 (file)
--- a/crypto/ffc/ffc_params_generate.c
+++ b/crypto/ffc/ffc_params_generate.c
@@ -46,8 +46,6 @@ static int ffc_validate_LN(size_t L, size_t N, int type)
             return 80;
         if (L == 2048 && (N == 224 || N == 256))
             return 112;
-        if (L == 2048 && N == 256)
-            return 112;
         if (L == 3072 && N == 256)
             return 128;
     }
@@ -103,13 +101,14 @@ static int generate_canonical_g(BN_CTX *ctx, BN_MONT_CTX *mont,
     EVP_MD_CTX *mctx = NULL;
     int mdsize;
 
+    mdsize = EVP_MD_size(evpmd);
+    if (mdsize <= 0)
+        return 0;
+
     mctx = EVP_MD_CTX_new();
     if (mctx == NULL)
-        goto err;
+        return 0;
 
-    mdsize = EVP_MD_size(evpmd);
-    if (mdsize <= 0)
-        goto err;
    /*
     * A.2.3 Step (4) & (5)
     * A.2.4 Step (6) & (7)
@@ -134,7 +133,7 @@ static int generate_canonical_g(BN_CTX *ctx, BN_MONT_CTX *mont,
                 || !EVP_DigestFinal_ex(mctx, md, NULL)
                 || (BN_bin2bn(md, mdsize, tmp) == NULL)
                 || !BN_mod_exp_mont(g, tmp, e, p, ctx, mont))
-                    return 0;
+                    break; /* exit on failure */
         /*
          * A.2.3 Step (10)
          * A.2.4 Step (12)
@@ -145,7 +144,6 @@ static int generate_canonical_g(BN_CTX *ctx, BN_MONT_CTX *mont,
             break; /* found g */
         }
     }
-err:
     EVP_MD_CTX_free(mctx);
     return ret;
 }
@@ -476,10 +474,10 @@ static EVP_MD *fetch_default_md(OPENSSL_CTX *libctx, size_t N)
  *   - FFC_PARAMS_RET_STATUS_UNVERIFIABLE_G if the validation of G succeeded,
  *     but G is unverifiable.
  */
-int ffc_param_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params,
-                                   int type, size_t L, size_t N,
-                                   const EVP_MD *evpmd, int validate_flags,
-                                   int *res, BN_GENCB *cb)
+int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params,
+                                    int type, size_t L, size_t N,
+                                    const EVP_MD *evpmd, int validate_flags,
+                                    int *res, BN_GENCB *cb)
 {
     int ok = FFC_PARAMS_RET_STATUS_FAILED;
     unsigned char *seed = NULL, *seed_tmp = NULL;
@@ -489,7 +487,7 @@ int ffc_param_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params,
     BIGNUM *g = NULL, *q = NULL, *p = NULL;
     BN_MONT_CTX *mont = NULL;
     int n = 0, m = 0, qsize = N >> 3;
-    int canonical_g = 0, hret = -1;
+    int canonical_g = 0, hret = 0;
     BN_CTX *ctx = NULL;
     EVP_MD_CTX *mctx = NULL;
     int generate = (validate_flags == 0);
@@ -743,7 +741,7 @@ err:
     if (seed != params->seed)
         OPENSSL_free(seed);
     OPENSSL_free(seed_tmp);
-    if (ctx)
+    if (ctx != NULL)
         BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     BN_MONT_CTX_free(mont);
@@ -752,10 +750,10 @@ err:
     return ok;
 }
 
-int ffc_param_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params,
-                                   int type, size_t L, size_t N,
-                                   const EVP_MD *evpmd, int validate_flags,
-                                   int *res, BN_GENCB *cb)
+int ffc_params_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params,
+                                    int type, size_t L, size_t N,
+                                    const EVP_MD *evpmd, int validate_flags,
+                                    int *res, BN_GENCB *cb)
 {
     int ok = FFC_PARAMS_RET_STATUS_FAILED;
     unsigned char seed[SHA256_DIGEST_LENGTH];
@@ -774,7 +772,7 @@ int ffc_param_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params,
     EVP_MD *evpmd_fetch = NULL;
 
     *res = 0;
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
     /*
      * FIPS 186-4 states that validation can only be done for this pair.
      * (Even though the original spec allowed L = 512 + 64*j (j = 0.. 8))
@@ -979,8 +977,8 @@ int ffc_params_FIPS186_4_generate(OPENSSL_CTX *libctx, FFC_PARAMS *params,
                                   int type, size_t L, size_t N,
                                   const EVP_MD *evpmd, int *res, BN_GENCB *cb)
 {
-    return ffc_param_FIPS186_4_gen_verify(libctx, params, type, L, N, evpmd, 0,
-                                          res, cb);
+    return ffc_params_FIPS186_4_gen_verify(libctx, params, type, L, N, evpmd, 0,
+                                           res, cb);
 }
 
 /* This should no longer be used in FIPS mode */
@@ -988,14 +986,6 @@ int ffc_params_FIPS186_2_generate(OPENSSL_CTX *libctx, FFC_PARAMS *params,
                                   int type, size_t L, size_t N,
                                   const EVP_MD *evpmd, int *res, BN_GENCB *cb)
 {
-    return ffc_param_FIPS186_2_gen_verify(libctx, params, type, L, N, evpmd,
-                                          0, res, cb);
-}
-
-/* TODO(3.0) - Add this in another PR -  just add a stub for now */
-int ffc_params_validate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont,
-                                       const BIGNUM *p, const BIGNUM *q,
-                                       const BIGNUM *g, BIGNUM *tmp, int *ret)
-{
-    return 1;
+    return ffc_params_FIPS186_2_gen_verify(libctx, params, type, L, N, evpmd,
+                                           0, res, cb);
 }