Blow away Makefile.ssl.

[openssl.git] / crypto / rsa / rsa_gen.c

diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index 68a2661796ba85b46581f9ae4dec637b06fa30c6..8e3a5821d6a50383019e99b9f83f725370ed2689 100644 (file)
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -86,12 +86,10 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
        {
        BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
        int bitsp,bitsq,ok= -1,n=0;
-       BN_CTX *ctx=NULL,*ctx2=NULL;
+       BN_CTX *ctx=NULL;
 
        ctx=BN_CTX_new();
        if (ctx == NULL) goto err;
-       ctx2=BN_CTX_new();
-       if (ctx2 == NULL) goto err;
        BN_CTX_start(ctx);
        r0 = BN_CTX_get(ctx);
        r1 = BN_CTX_get(ctx);
@@ -129,11 +127,24 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
                goto err;
        for (;;)
                {
-               if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
+               /* When generating ridiculously small keys, we can get stuck
+                * continually regenerating the same prime values. Check for
+                * this and bail if it happens 3 times. */
+               unsigned int degenerate = 0;
+               do
+                       {
+                       if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
+                               goto err;
+                       } while((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
+               if(degenerate == 3)
+                       {
+                       ok = 0; /* we set our own err */
+                       RSAerr(RSA_F_RSA_GENERATE_KEY,RSA_R_KEY_SIZE_TOO_SMALL);
                        goto err;
+                       }
                if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;
                if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
-               if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0))
+               if (BN_is_one(r1))
                        break;
                if(!BN_GENCB_call(cb, 2, n++))
                        goto err;
@@ -154,23 +165,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
        if (!BN_sub(r1,rsa->p,BN_value_one())) goto err;        /* p-1 */
        if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;        /* q-1 */
        if (!BN_mul(r0,r1,r2,ctx)) goto err;    /* (p-1)(q-1) */
-
-/* should not be needed, since gcd(p-1,e) == 1 and gcd(q-1,e) == 1 */
-/*     for (;;)
-               {
-               if (!BN_gcd(r3,r0,rsa->e,ctx)) goto err;
-               if (BN_is_one(r3)) break;
-
-               if (1)
-                       {
-                       if (!BN_add_word(rsa->e,2L)) goto err;
-                       continue;
-                       }
-               RSAerr(RSA_F_RSA_GENERATE_KEY,RSA_R_BAD_E_VALUE);
-               goto err;
-               }
-*/
-       if (!BN_mod_inverse(rsa->d,rsa->e,r0,ctx2)) goto err;   /* d */
+       if (!BN_mod_inverse(rsa->d,rsa->e,r0,ctx)) goto err;    /* d */
 
        /* calculate d mod (p-1) */
        if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) goto err;
@@ -179,7 +174,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
        if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) goto err;
 
        /* calculate inverse of q mod p */
-       if (!BN_mod_inverse(rsa->iqmp,rsa->q,rsa->p,ctx2)) goto err;
+       if (!BN_mod_inverse(rsa->iqmp,rsa->q,rsa->p,ctx)) goto err;
 
        ok=1;
 err:
@@ -190,7 +185,6 @@ err:
                }
        BN_CTX_end(ctx);
        BN_CTX_free(ctx);
-       BN_CTX_free(ctx2);
 
        return ok;
        }