Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
6aecef81
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
8 个月 前同步成功
通知
8
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
6aecef81
编写于
7月 25, 2001
作者:
B
Bodo Möller
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Don't preserve existing keys in DH_generate_key.
上级
daba492c
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
45 addition
and
9 deletion
+45
-9
CHANGES
CHANGES
+31
-0
crypto/dh/dh_key.c
crypto/dh/dh_key.c
+10
-6
doc/crypto/DH_generate_key.pod
doc/crypto/DH_generate_key.pod
+4
-3
未找到文件。
CHANGES
浏览文件 @
6aecef81
...
...
@@ -12,6 +12,37 @@
*) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
+) applies to 0.9.7 only
*) In crypto/dh/dh_key.c, change generate_key() (the default
implementation of DH_generate_key()) so that a new key is
generated each time DH_generate_key() is used on a DH object.
Previously, DH_generate_key() did not change existing keys
-- but ssl/s3_srvr.c always expected it to do so (in effect,
SSL_OP_SINGLE_DH_USE was ignored in servers reusing the same SSL
object for multiple connections; however, each new SSL object
created from an SSL_CTX got its own key).
[Bodo Moeller]
*) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
dh->length and always used
BN_rand_range(priv_key, dh->p).
BN_rand_range() is not necessary for Diffie-Hellman, and this
specific range makes Diffie-Hellman unnecessarily inefficient if
dh->length (recommended exponent length) is much smaller than the
length of dh->p. We could use BN_rand_range() if the order of
the subgroup was stored in the DH structure, but we only have
dh->length.
So switch back to
BN_rand(priv_key, l, ...)
where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
otherwise.
[Bodo Moeller]
*) In
RSA_eay_public_encrypt
...
...
crypto/dh/dh_key.c
浏览文件 @
6aecef81
...
...
@@ -101,6 +101,7 @@ const DH_METHOD *DH_OpenSSL(void)
static
int
generate_key
(
DH
*
dh
)
{
int
ok
=
0
;
unsigned
l
;
BN_CTX
*
ctx
;
BN_MONT_CTX
*
mont
;
BIGNUM
*
pub_key
=
NULL
,
*
priv_key
=
NULL
;
...
...
@@ -112,9 +113,6 @@ static int generate_key(DH *dh)
{
priv_key
=
BN_new
();
if
(
priv_key
==
NULL
)
goto
err
;
do
if
(
!
BN_rand_range
(
priv_key
,
dh
->
p
))
goto
err
;
while
(
BN_is_zero
(
priv_key
));
}
else
priv_key
=
dh
->
priv_key
;
...
...
@@ -135,9 +133,15 @@ static int generate_key(DH *dh)
}
mont
=
(
BN_MONT_CTX
*
)
dh
->
method_mont_p
;
if
(
!
ENGINE_get_DH
(
dh
->
engine
)
->
bn_mod_exp
(
dh
,
pub_key
,
dh
->
g
,
priv_key
,
dh
->
p
,
ctx
,
mont
))
goto
err
;
l
=
dh
->
length
?
dh
->
length
:
BN_num_bits
(
dh
->
p
)
-
1
;
/* secret exponent length */
do
{
if
(
!
BN_rand
(
priv_key
,
l
,
0
,
0
))
goto
err
;
if
(
!
ENGINE_get_DH
(
dh
->
engine
)
->
bn_mod_exp
(
dh
,
pub_key
,
dh
->
g
,
priv_key
,
dh
->
p
,
ctx
,
mont
))
goto
err
;
}
while
(
BN_is_one
(
priv_key
));
dh
->
pub_key
=
pub_key
;
dh
->
priv_key
=
priv_key
;
...
...
doc/crypto/DH_generate_key.pod
浏览文件 @
6aecef81
...
...
@@ -21,9 +21,8 @@ value to compute the shared key.
DH_generate_key() expects B<dh> to contain the shared parameters
B<dh-E<gt>p> and B<dh-E<gt>g>. It generates a random private DH value
unless B<dh-E<gt>priv_key> is already set, and computes the
corresponding public value B<dh-E<gt>pub_key>, which can then be
published.
B<dh-E<gt>priv_key>, and it computes the corresponding public value
B<dh-E<gt>pub_key>, which can then be published.
DH_compute_key() computes the shared secret from the private DH value
in B<dh> and the other party's public value in B<pub_key> and stores
...
...
@@ -46,5 +45,7 @@ L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
DH_generate_key() and DH_compute_key() are available in all versions
of SSLeay and OpenSSL.
Up to version 0.9.6b, DH_generate_key() would not generate a new
key if B<dh-E<gt>priv_key> was already set.
=cut
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录