Tidy up DSA paramgen stylistically.
No braceless ifs.
Change-Id: I8f559a6bcd7029e642b8b56aa082949570b4c1fb
Reviewed-on: https://boringssl-review.googlesource.com/2622
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/dsa/dsa_impl.c b/crypto/dsa/dsa_impl.c
index d7463d5..fd027b0 100644
--- a/crypto/dsa/dsa_impl.c
+++ b/crypto/dsa/dsa_impl.c
@@ -482,30 +482,35 @@
qsize = qbits / 8;
if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
- qsize != SHA256_DIGEST_LENGTH)
+ qsize != SHA256_DIGEST_LENGTH) {
/* invalid q size */
return 0;
+ }
- if (bits < 512)
+ if (bits < 512) {
bits = 512;
+ }
bits = (bits + 63) / 64 * 64;
/* NB: seed_len == 0 is special case: copy generated seed to
* seed_in if it is not NULL. */
- if (seed_len && (seed_len < (size_t)qsize))
+ if (seed_len && (seed_len < (size_t)qsize)) {
seed_in = NULL; /* seed buffer too small -- ignore */
- if (seed_len > (size_t)qsize)
+ }
+ if (seed_len > (size_t)qsize) {
seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
* but our internal buffers are restricted to 160 bits*/
- if (seed_in != NULL)
+ }
+ if (seed_in != NULL) {
memcpy(seed, seed_in, seed_len);
+ }
- if ((ctx = BN_CTX_new()) == NULL)
+ ctx = BN_CTX_new();
+ mont = BN_MONT_CTX_new();
+ if (ctx == NULL || mont == NULL) {
goto err;
-
- if ((mont = BN_MONT_CTX_new()) == NULL)
- goto err;
+ }
BN_CTX_start(ctx);
r0 = BN_CTX_get(ctx);
@@ -517,17 +522,19 @@
p = BN_CTX_get(ctx);
test = BN_CTX_get(ctx);
- if (!BN_lshift(test, BN_value_one(), bits - 1))
+ if (!BN_lshift(test, BN_value_one(), bits - 1)) {
goto err;
+ }
for (;;) {
- for (;;) /* find q */
- {
+ /* Find q. */
+ for (;;) {
int seed_is_random;
/* step 1 */
- if (!BN_GENCB_call(cb, 0, m++))
+ if (!BN_GENCB_call(cb, 0, m++)) {
goto err;
+ }
if (!seed_len) {
if (!RAND_bytes(seed, qsize)) {
@@ -543,39 +550,43 @@
/* precompute "SEED + 1" for step 7: */
for (i = qsize - 1; i < qsize; i--) {
buf[i]++;
- if (buf[i] != 0)
+ if (buf[i] != 0) {
break;
+ }
}
/* step 2 */
- if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL))
+ if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL) ||
+ !EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL)) {
goto err;
- if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL))
- goto err;
- for (i = 0; i < qsize; i++)
+ }
+ for (i = 0; i < qsize; i++) {
md[i] ^= buf2[i];
+ }
/* step 3 */
md[0] |= 0x80;
md[qsize - 1] |= 0x01;
- if (!BN_bin2bn(md, qsize, q))
+ if (!BN_bin2bn(md, qsize, q)) {
goto err;
+ }
/* step 4 */
r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, seed_is_random, cb);
- if (r > 0)
+ if (r > 0) {
break;
- if (r != 0)
+ }
+ if (r != 0) {
goto err;
+ }
/* do a callback call */
/* step 5 */
}
- if (!BN_GENCB_call(cb, 2, 0))
+ if (!BN_GENCB_call(cb, 2, 0) || !BN_GENCB_call(cb, 3, 0)) {
goto err;
- if (!BN_GENCB_call(cb, 3, 0))
- goto err;
+ }
/* step 6 */
counter = 0;
@@ -584,8 +595,9 @@
n = (bits - 1) / 160;
for (;;) {
- if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
+ if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) {
goto err;
+ }
/* step 7 */
BN_zero(W);
@@ -594,48 +606,48 @@
/* obtain "SEED + offset + k" by incrementing: */
for (i = qsize - 1; i < qsize; i--) {
buf[i]++;
- if (buf[i] != 0)
+ if (buf[i] != 0) {
break;
+ }
}
- if (!EVP_Digest(buf, qsize, md, NULL, evpmd, NULL))
+ if (!EVP_Digest(buf, qsize, md, NULL, evpmd, NULL)) {
goto err;
+ }
/* step 8 */
- if (!BN_bin2bn(md, qsize, r0))
+ if (!BN_bin2bn(md, qsize, r0) ||
+ !BN_lshift(r0, r0, (qsize << 3) * k) ||
+ !BN_add(W, W, r0)) {
goto err;
- if (!BN_lshift(r0, r0, (qsize << 3) * k))
- goto err;
- if (!BN_add(W, W, r0))
- goto err;
+ }
}
/* more of step 8 */
- if (!BN_mask_bits(W, bits - 1))
+ if (!BN_mask_bits(W, bits - 1) ||
+ !BN_copy(X, W) ||
+ !BN_add(X, X, test)) {
goto err;
- if (!BN_copy(X, W))
- goto err;
- if (!BN_add(X, X, test))
- goto err;
+ }
/* step 9 */
- if (!BN_lshift1(r0, q))
+ if (!BN_lshift1(r0, q) ||
+ !BN_mod(c, X, r0, ctx) ||
+ !BN_sub(r0, c, BN_value_one()) ||
+ !BN_sub(p, X, r0)) {
goto err;
- if (!BN_mod(c, X, r0, ctx))
- goto err;
- if (!BN_sub(r0, c, BN_value_one()))
- goto err;
- if (!BN_sub(p, X, r0))
- goto err;
+ }
/* step 10 */
if (BN_cmp(p, test) >= 0) {
/* step 11 */
r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb);
- if (r > 0)
+ if (r > 0) {
goto end; /* found it */
- if (r != 0)
+ }
+ if (r != 0) {
goto err;
+ }
}
/* step 13 */
@@ -643,50 +655,59 @@
/* "offset = offset + n + 1" */
/* step 14 */
- if (counter >= 4096)
+ if (counter >= 4096) {
break;
+ }
}
}
end:
- if (!BN_GENCB_call(cb, 2, 1))
+ if (!BN_GENCB_call(cb, 2, 1)) {
goto err;
+ }
/* We now need to generate g */
/* Set r0=(p-1)/q */
- if (!BN_sub(test, p, BN_value_one()))
+ if (!BN_sub(test, p, BN_value_one()) ||
+ !BN_div(r0, NULL, test, q, ctx)) {
goto err;
- if (!BN_div(r0, NULL, test, q, ctx))
- goto err;
+ }
- if (!BN_set_word(test, h))
+ if (!BN_set_word(test, h) ||
+ !BN_MONT_CTX_set(mont, p, ctx)) {
goto err;
- if (!BN_MONT_CTX_set(mont, p, ctx))
- goto err;
+ }
for (;;) {
/* g=test^r0%p */
- if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont))
+ if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont)) {
goto err;
- if (!BN_is_one(g))
+ }
+ if (!BN_is_one(g)) {
break;
- if (!BN_add(test, test, BN_value_one()))
+ }
+ if (!BN_add(test, test, BN_value_one())) {
goto err;
+ }
h++;
}
- if (!BN_GENCB_call(cb, 3, 1))
+ if (!BN_GENCB_call(cb, 3, 1)) {
goto err;
+ }
ok = 1;
err:
if (ok) {
- if (ret->p)
+ if (ret->p) {
BN_free(ret->p);
- if (ret->q)
+ }
+ if (ret->q) {
BN_free(ret->q);
- if (ret->g)
+ }
+ if (ret->g) {
BN_free(ret->g);
+ }
ret->p = BN_dup(p);
ret->q = BN_dup(q);
ret->g = BN_dup(g);
@@ -694,10 +715,12 @@
ok = 0;
goto err;
}
- if (counter_ret != NULL)
+ if (counter_ret != NULL) {
*counter_ret = counter;
- if (h_ret != NULL)
+ }
+ if (h_ret != NULL) {
*h_ret = h;
+ }
}
if (ctx) {
@@ -705,8 +728,9 @@
BN_CTX_free(ctx);
}
- if (mont != NULL)
+ if (mont != NULL) {
BN_MONT_CTX_free(mont);
+ }
return ok;
}
