Tidy up DSA paramgen stylistically. No braceless ifs. Change-Id: I8f559a6bcd7029e642b8b56aa082949570b4c1fb Reviewed-on: https://boringssl-review.googlesource.com/2622 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/dsa/dsa_impl.c b/crypto/dsa/dsa_impl.c
index d7463d5..fd027b0 100644
--- a/crypto/dsa/dsa_impl.c
+++ b/crypto/dsa/dsa_impl.c
@@ -482,30 +482,35 @@ qsize = qbits / 8; if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && - qsize != SHA256_DIGEST_LENGTH) + qsize != SHA256_DIGEST_LENGTH) { /* invalid q size */ return 0; + } - if (bits < 512) + if (bits < 512) { bits = 512; + } bits = (bits + 63) / 64 * 64; /* NB: seed_len == 0 is special case: copy generated seed to * seed_in if it is not NULL. */ - if (seed_len && (seed_len < (size_t)qsize)) + if (seed_len && (seed_len < (size_t)qsize)) { seed_in = NULL; /* seed buffer too small -- ignore */ - if (seed_len > (size_t)qsize) + } + if (seed_len > (size_t)qsize) { seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED, * but our internal buffers are restricted to 160 bits*/ - if (seed_in != NULL) + } + if (seed_in != NULL) { memcpy(seed, seed_in, seed_len); + } - if ((ctx = BN_CTX_new()) == NULL) + ctx = BN_CTX_new(); + mont = BN_MONT_CTX_new(); + if (ctx == NULL || mont == NULL) { goto err; - - if ((mont = BN_MONT_CTX_new()) == NULL) - goto err; + } BN_CTX_start(ctx); r0 = BN_CTX_get(ctx); @@ -517,17 +522,19 @@ p = BN_CTX_get(ctx); test = BN_CTX_get(ctx); - if (!BN_lshift(test, BN_value_one(), bits - 1)) + if (!BN_lshift(test, BN_value_one(), bits - 1)) { goto err; + } for (;;) { - for (;;) /* find q */ - { + /* Find q. */ + for (;;) { int seed_is_random; /* step 1 */ - if (!BN_GENCB_call(cb, 0, m++)) + if (!BN_GENCB_call(cb, 0, m++)) { goto err; + } if (!seed_len) { if (!RAND_bytes(seed, qsize)) { 
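Review bot: When a caller passes a seed shorter than `qsize`, the braced branch clears `seed_in` but leaves `seed_len` non-zero, so the `memcpy` is skipped while the later `if (!seed_len)` test in the q loop still treats the seed as caller-supplied. Unless code outside these hunks fills `seed` first, the first iteration would hash whatever the buffer happens to hold instead of calling `RAND_bytes`. Clearing both values together, `seed_in = NULL; seed_len = 0;`, or rejecting the short seed with `return 0;`, would close that path. The "restricted to 160 bits" comment also no longer matches the size check above it, which accepts SHA-224 and SHA-256 digest lengths. The enclosing function begins and ends outside the hunk.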
@@ -543,39 +550,43 @@ /* precompute "SEED + 1" for step 7: */ for (i = qsize - 1; i < qsize; i--) { buf[i]++; - if (buf[i] != 0) + if (buf[i] != 0) { break; + } } /* step 2 */ - if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL)) + if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL) || + !EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL)) { goto err; - if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL)) - goto err; - for (i = 0; i < qsize; i++) + } + for (i = 0; i < qsize; i++) { md[i] ^= buf2[i]; + } /* step 3 */ md[0] |= 0x80; md[qsize - 1] |= 0x01; - if (!BN_bin2bn(md, qsize, q)) + if (!BN_bin2bn(md, qsize, q)) { goto err; + } /* step 4 */ r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, seed_is_random, cb); - if (r > 0) + if (r > 0) { break; - if (r != 0) + } + if (r != 0) { goto err; + } /* do a callback call */ /* step 5 */ } - if (!BN_GENCB_call(cb, 2, 0)) + if (!BN_GENCB_call(cb, 2, 0) || !BN_GENCB_call(cb, 3, 0)) { goto err; - if (!BN_GENCB_call(cb, 3, 0)) - goto err; + } /* step 6 */ counter = 0; @@ -584,8 +595,9 @@ n = (bits - 1) / 160; for (;;) { - if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) + if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) { goto err; + } /* step 7 */ BN_zero(W); 
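Review bot: The carry loop `for (i = qsize - 1; i < qsize; i--)` ends at the top byte only because decrementing `i` past zero wraps it above `qsize`, which holds only if `i` is unsigned; its declaration is outside the hunk. If `i` were ever changed to a signed type, the condition would stay true and `buf[i]++` would write before the start of the buffer. A comment on the loop, for example `/* i is unsigned: i-- past 0 wraps above qsize and ends the loop */`, would make that dependence visible. The same loop appears in the `@@ -594` hunk.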
@@ -594,48 +606,48 @@ /* obtain "SEED + offset + k" by incrementing: */ for (i = qsize - 1; i < qsize; i--) { buf[i]++; - if (buf[i] != 0) + if (buf[i] != 0) { break; + } } - if (!EVP_Digest(buf, qsize, md, NULL, evpmd, NULL)) + if (!EVP_Digest(buf, qsize, md, NULL, evpmd, NULL)) { goto err; + } /* step 8 */ - if (!BN_bin2bn(md, qsize, r0)) + if (!BN_bin2bn(md, qsize, r0) || + !BN_lshift(r0, r0, (qsize << 3) * k) || + !BN_add(W, W, r0)) { goto err; - if (!BN_lshift(r0, r0, (qsize << 3) * k)) - goto err; - if (!BN_add(W, W, r0)) - goto err; + } } /* more of step 8 */ - if (!BN_mask_bits(W, bits - 1)) + if (!BN_mask_bits(W, bits - 1) || + !BN_copy(X, W) || + !BN_add(X, X, test)) { goto err; - if (!BN_copy(X, W)) - goto err; - if (!BN_add(X, X, test)) - goto err; + } /* step 9 */ - if (!BN_lshift1(r0, q)) + if (!BN_lshift1(r0, q) || + !BN_mod(c, X, r0, ctx) || + !BN_sub(r0, c, BN_value_one()) || + !BN_sub(p, X, r0)) { goto err; - if (!BN_mod(c, X, r0, ctx)) - goto err; - if (!BN_sub(r0, c, BN_value_one())) - goto err; - if (!BN_sub(p, X, r0)) - goto err; + } /* step 10 */ if (BN_cmp(p, test) >= 0) { /* step 11 */ r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb); - if (r > 0) + if (r > 0) { goto end; /* found it */ - if (r != 0) + } + if (r != 0) { goto err; + } } /* step 13 */ 
@@ -643,50 +655,59 @@ /* "offset = offset + n + 1" */ /* step 14 */ - if (counter >= 4096) + if (counter >= 4096) { break; + } } } end: - if (!BN_GENCB_call(cb, 2, 1)) + if (!BN_GENCB_call(cb, 2, 1)) { goto err; + } /* We now need to generate g */ /* Set r0=(p-1)/q */ - if (!BN_sub(test, p, BN_value_one())) + if (!BN_sub(test, p, BN_value_one()) || + !BN_div(r0, NULL, test, q, ctx)) { goto err; - if (!BN_div(r0, NULL, test, q, ctx)) - goto err; + } - if (!BN_set_word(test, h)) + if (!BN_set_word(test, h) || + !BN_MONT_CTX_set(mont, p, ctx)) { goto err; - if (!BN_MONT_CTX_set(mont, p, ctx)) - goto err; + } for (;;) { /* g=test^r0%p */ - if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont)) + if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont)) { goto err; - if (!BN_is_one(g)) + } + if (!BN_is_one(g)) { break; - if (!BN_add(test, test, BN_value_one())) + } + if (!BN_add(test, test, BN_value_one())) { goto err; + } h++; } - if (!BN_GENCB_call(cb, 3, 1)) + if (!BN_GENCB_call(cb, 3, 1)) { goto err; + } ok = 1; err: if (ok) { - if (ret->p) + if (ret->p) { BN_free(ret->p); - if (ret->q) + } + if (ret->q) { BN_free(ret->q); - if (ret->g) + } + if (ret->g) { BN_free(ret->g); + } ret->p = BN_dup(p); ret->q = BN_dup(q); ret->g = BN_dup(g); @@ -694,10 +715,12 @@ ok = 0; goto err; } - if (counter_ret != NULL) + if (counter_ret != NULL) { *counter_ret = counter; - if (h_ret != NULL) + } + if (h_ret != NULL) { *h_ret = h; + } } if (ctx) { @@ -705,8 +728,9 @@ BN_CTX_free(ctx); } - if (mont != NULL) + if (mont != NULL) { BN_MONT_CTX_free(mont); + } return ok; }
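Review bot: In the `if (ok)` block under `err:`, the old `ret->p`, `ret->q` and `ret->g` are freed before the three `BN_dup` results are known to be non-NULL. The failure branch that sets `ok = 0` lies between this hunk and the next, so this is inferred, but if any duplication fails the caller appears to be left with a `ret` holding a mix of new values and NULL, and its previous parameters gone. Duplicating into locals first and assigning to `ret` only once all three succeed would leave the object untouched on failure. The function continues outside the hunk.

```c
err:
  if (ok) {
    BIGNUM *new_p = BN_dup(p);
    BIGNUM *new_q = BN_dup(q);
    BIGNUM *new_g = BN_dup(g);
    if (new_p == NULL || new_q == NULL || new_g == NULL) {
      if (new_p) {
        BN_free(new_p);
      }
      if (new_q) {
        BN_free(new_q);
      }
      if (new_g) {
        BN_free(new_g);
      }
      ok = 0;
      goto err;
    }
    /* … unchanged: free the old ret->p, ret->q and ret->g … */
    ret->p = new_p;
    ret->q = new_q;
    ret->g = new_g;
    /* … unchanged: counter_ret / h_ret write-back … */
  }
```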