Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
82652aaf
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
8 个月 前同步成功
通知
8
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
82652aaf
编写于
3月 20, 2002
作者:
B
Bodo Möller
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
fix DH_generate_parameters for general 'generator'
上级
17d6bb81
变更
5
隐藏空白更改
内联
并排
Showing
5 changed file
with
58 addition
and
9 deletion
+58
-9
CHANGES
CHANGES
+19
-0
crypto/dh/dh.h
crypto/dh/dh.h
+1
-0
crypto/dh/dh_err.c
crypto/dh/dh_err.c
+2
-1
crypto/dh/dh_gen.c
crypto/dh/dh_gen.c
+24
-8
crypto/dh/dhtest.c
crypto/dh/dhtest.c
+12
-0
未找到文件。
CHANGES
浏览文件 @
82652aaf
...
...
@@ -4,6 +4,14 @@
Changes between 0.9.7 and 0.9.8 [xx XXX 2002]
*) Add a function EC_GROUP_check_discriminant() (defined via
EC_METHOD) that verifies that the curve discriminant is non-zero.
Add a function EC_GROUP_check() that makes some sanity tests
on a EC_GROUP, its generator and order. This includes
EC_GROUP_check_discriminant().
[Nils Larsch <nla@trustcenter.de>]
*) Add ECDSA in new directory crypto/ecdsa/.
Add applications 'openssl ecdsaparam' and 'openssl ecdsa'
...
...
@@ -41,6 +49,17 @@
*) applies to 0.9.6a ... 0.9.6d and 0.9.7
+) applies to 0.9.7 only
*) Fix DH_generate_parameters() so that it works for 'non-standard'
generators, i.e. generators other than 2 and 5. (Previously, the
code did not properly initialise the 'add' and 'rem' values to
BN_generate_prime().)
In the new general case, we do not insist that 'generator' is
actually a primitive root: This requirement is rather pointless;
a generator of the order-q subgroup is just as good, if not
better.
[Bodo Moeller]
*) Map new X509 verification errors to alerts. Discovered and submitted by
Tom Wu <tom@arcot.com>.
[Lutz Jaenicke]
...
...
crypto/dh/dh.h
浏览文件 @
82652aaf
...
...
@@ -198,6 +198,7 @@ void ERR_load_DH_strings(void);
#define DH_F_DH_NEW_METHOD 105
/* Reason codes. */
#define DH_R_BAD_GENERATOR 101
#define DH_R_NO_PRIVATE_VALUE 100
#ifdef __cplusplus
...
...
crypto/dh/dh_err.c
浏览文件 @
82652aaf
/* crypto/dh/dh_err.c */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999
-2002
The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
...
...
@@ -77,6 +77,7 @@ static ERR_STRING_DATA DH_str_functs[]=
static
ERR_STRING_DATA
DH_str_reasons
[]
=
{
{
DH_R_BAD_GENERATOR
,
"bad generator"
},
{
DH_R_NO_PRIVATE_VALUE
,
"no private value"
},
{
0
,
NULL
}
};
...
...
crypto/dh/dh_gen.c
浏览文件 @
82652aaf
...
...
@@ -82,7 +82,10 @@
* Since DH should be using a safe prime (both p and q are prime),
* this generator function can take a very very long time to run.
*/
/* Actually there is no reason to insist that 'generator' be a generator.
* It's just as OK (and in some sense better) to use a generator of the
* order-q subgroup.
*/
DH
*
DH_generate_parameters
(
int
prime_len
,
int
generator
,
void
(
*
callback
)(
int
,
int
,
void
*
),
void
*
cb_arg
)
{
...
...
@@ -100,30 +103,43 @@ DH *DH_generate_parameters(int prime_len, int generator,
t2
=
BN_CTX_get
(
ctx
);
if
(
t1
==
NULL
||
t2
==
NULL
)
goto
err
;
if
(
generator
<=
1
)
{
DHerr
(
DH_F_DH_GENERATE_PARAMETERS
,
DH_R_BAD_GENERATOR
);
goto
err
;
}
if
(
generator
==
DH_GENERATOR_2
)
{
BN_set_word
(
t1
,
24
)
;
BN_set_word
(
t2
,
11
)
;
if
(
!
BN_set_word
(
t1
,
24
))
goto
err
;
if
(
!
BN_set_word
(
t2
,
11
))
goto
err
;
g
=
2
;
}
#if
def undef
/* does not work for safe primes */
#if
0
/* does not work for safe primes */
else if (generator == DH_GENERATOR_3)
{
BN_set_word
(
t1
,
12
)
;
BN_set_word
(
t2
,
5
)
;
if (!BN_set_word(t1,12)) goto err
;
if (!BN_set_word(t2,5)) goto err
;
g=3;
}
#endif
else
if
(
generator
==
DH_GENERATOR_5
)
{
BN_set_word
(
t1
,
10
)
;
BN_set_word
(
t2
,
3
)
;
if
(
!
BN_set_word
(
t1
,
10
))
goto
err
;
if
(
!
BN_set_word
(
t2
,
3
))
goto
err
;
/* BN_set_word(t3,7); just have to miss
* out on these ones :-( */
g
=
5
;
}
else
{
/* in the general case, don't worry if 'generator' is a
* generator or not: since we are using safe primes,
* it will generate either an order-q or an order-2q group,
* which both is OK */
if
(
!
BN_set_word
(
t1
,
2
))
goto
err
;
if
(
!
BN_set_word
(
t2
,
1
))
goto
err
;
g
=
generator
;
}
p
=
BN_generate_prime
(
NULL
,
prime_len
,
1
,
t1
,
t2
,
callback
,
cb_arg
);
if
(
p
==
NULL
)
goto
err
;
...
...
crypto/dh/dhtest.c
浏览文件 @
82652aaf
...
...
@@ -117,6 +117,16 @@ int main(int argc, char *argv[])
a
=
DH_generate_parameters
(
64
,
DH_GENERATOR_5
,
cb
,
out
);
if
(
a
==
NULL
)
goto
err
;
if
(
!
DH_check
(
a
,
&
i
))
goto
err
;
if
(
i
&
DH_CHECK_P_NOT_PRIME
)
BIO_puts
(
out
,
"p value is not prime
\n
"
);
if
(
i
&
DH_CHECK_P_NOT_SAFE_PRIME
)
BIO_puts
(
out
,
"p value is not a safe prime
\n
"
);
if
(
i
&
DH_UNABLE_TO_CHECK_GENERATOR
)
BIO_puts
(
out
,
"unable to check the generator value
\n
"
);
if
(
i
&
DH_NOT_SUITABLE_GENERATOR
)
BIO_puts
(
out
,
"the g value is not a generator
\n
"
);
BIO_puts
(
out
,
"
\n
p ="
);
BN_print
(
out
,
a
->
p
);
BIO_puts
(
out
,
"
\n
g ="
);
...
...
@@ -175,6 +185,8 @@ int main(int argc, char *argv[])
else
ret
=
0
;
err:
ERR_print_errors_fp
(
stderr
);
if
(
abuf
!=
NULL
)
OPENSSL_free
(
abuf
);
if
(
bbuf
!=
NULL
)
OPENSSL_free
(
bbuf
);
if
(
b
!=
NULL
)
DH_free
(
b
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录