Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
a87030a1
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
8 个月 前同步成功
通知
8
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
a87030a1
编写于
1月 30, 2000
作者:
B
Bodo Möller
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Make DSA_generate_parameters, and fix a couple of bug
(including another problem in the s3_srvr.c state machine).
上级
15701211
变更
15
隐藏空白更改
内联
并排
Showing
15 changed file
with
186 addition
and
139 deletion
+186
-139
CHANGES
CHANGES
+35
-8
TABLE
TABLE
+17
-0
crypto/bn/bn.h
crypto/bn/bn.h
+5
-1
crypto/bn/bn_prime.c
crypto/bn/bn_prime.c
+28
-10
crypto/dsa/dsa.h
crypto/dsa/dsa.h
+5
-2
crypto/dsa/dsa_err.c
crypto/dsa/dsa_err.c
+0
-1
crypto/dsa/dsa_gen.c
crypto/dsa/dsa_gen.c
+46
-94
crypto/dsa/dsatest.c
crypto/dsa/dsatest.c
+5
-3
crypto/sha/sha.h
crypto/sha/sha.h
+1
-1
doc/crypto/DSA_generate_parameters.pod
doc/crypto/DSA_generate_parameters.pod
+23
-16
ms/test.bat
ms/test.bat
+4
-0
ssl/s3_srvr.c
ssl/s3_srvr.c
+9
-1
test/Makefile.ssl
test/Makefile.ssl
+3
-2
test/testssl
test/testssl
+3
-0
util/libeay.num
util/libeay.num
+2
-0
未找到文件。
CHANGES
浏览文件 @
a87030a1
...
...
@@ -4,6 +4,35 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 2000]
*) Bugfix: ssl3_send_server_key_exchange was not restartable
(the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of
this the server could overwrite ephemeral keys that the client
has already seen).
[Bodo Moeller]
*) Turn DSA_is_prime into a macro that calls BN_is_prime,
using 50 iterations of the Rabin-Miller test.
DSA_generate_parameters now uses BN_is_prime_fasttest (with 50
iterations of the Rabin-Miller test as required by the appendix
to FIPS PUB 186[-1]) instead of DSA_is_prime.
As BN_is_prime_fasttest includes trial division, DSA parameter
generation becomes much faster.
This implies a change for the callback functions in DSA_is_prime
and DSA_generate_parameters: They are now called once for each
positive witness in the Rabin-Miller test, not just occasionally
in the inner loop; and the parameters to the callback function now
provide an iteration count for the outer loop rather than for the
current invocation of the inner loop.
[Bodo Moeller]
*) New functions BN_is_prime_fasttest that optionally does trial
division before starting the Rabin-Miller test and has
an additional BN_CTX * argument (whereas BN_is_prime always
has to allocate at least one BN_CTX).
[Bodo Moeller]
*) Fix for bug in CRL encoding. The validity dates weren't being handled
as ASN1_TIME.
[Steve Henson]
...
...
@@ -11,10 +40,6 @@
*) New -pkcs12 option to CA.pl script to write out a PKCS#12 file.
[Steve Henson]
*) Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when
generating DSA primes.
[Ulf Möller]
*) New function BN_pseudo_rand().
[Ulf Möller]
...
...
@@ -41,7 +66,10 @@
*) Make BN_generate_prime() return NULL on error if ret!=NULL.
[Ulf Möller]
*) Retain source code compatibility for BN_prime_checks macro.
*) Retain source code compatibility for BN_prime_checks macro:
BN_is_prime(..., BN_prime_checks, ...) now uses
BN_prime_checks_for_size to determine the appropriate number of
Rabin-Miller iterations.
[Ulf Möller]
*) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to
...
...
@@ -114,10 +142,9 @@
*) Do more iterations of Rabin-Miller probable prime test (specifically,
3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes
instead of only 2 for all lengths; see BN_prime_checks_size definition
instead of only 2 for all lengths; see BN_prime_checks_
for_
size definition
in crypto/bn/bn_prime.c for the complete table). This guarantees a
false-positive rate of at most 2^-80 (actually less because we are
additionally doing trial division) for random input.
false-positive rate of at most 2^-80 for random input.
[Bodo Moeller]
*) Rewrite ssl3_read_n (ssl/s3_pkt.c) avoiding a couple of bugs.
...
...
TABLE
浏览文件 @
a87030a1
...
...
@@ -663,6 +663,23 @@ $rc4_obj = asm/rx86-elf.o
$rmd160_obj = asm/rm86-elf.o
$rc5_obj = asm/r586-elf.o
*** debug-levitte-linux-elf
$cc = gcc
$cflags = -DRL_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe
$unistd =
$thread_cflag = -D_REENTRANT
$lflags =
$bn_ops =
$bn_obj =
$des_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
*** debug-linux-elf
$cc = gcc
$cflags = -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall
...
...
crypto/bn/bn.h
浏览文件 @
a87030a1
...
...
@@ -292,7 +292,7 @@ typedef struct bn_recp_ctx_st
* of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
* original paper: Damgaard, Landrock, Pomerance: Average case error estimates
* for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */
#define BN_prime_checks_size(b) ((b) >= 1300 ? 2 : \
#define BN_prime_checks_
for_
size(b) ((b) >= 1300 ? 2 : \
(b) >= 850 ? 3 : \
(b) >= 650 ? 4 : \
(b) >= 550 ? 5 : \
...
...
@@ -406,6 +406,10 @@ BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,BIGNUM *add,
BIGNUM
*
rem
,
void
(
*
callback
)(
int
,
int
,
void
*
),
void
*
cb_arg
);
int
BN_is_prime
(
BIGNUM
*
p
,
int
nchecks
,
void
(
*
callback
)(
int
,
int
,
void
*
),
BN_CTX
*
ctx
,
void
*
cb_arg
);
int
BN_is_prime_fasttest
(
BIGNUM
*
p
,
int
nchecks
,
void
(
*
callback
)(
int
,
int
,
void
*
),
BN_CTX
*
ctx
,
BN_CTX
*
ctx2
,
void
*
cb_arg
,
int
do_trial_division
);
void
ERR_load_BN_strings
(
void
);
BN_ULONG
bn_mul_add_words
(
BN_ULONG
*
rp
,
BN_ULONG
*
ap
,
int
num
,
BN_ULONG
w
);
...
...
crypto/bn/bn_prime.c
浏览文件 @
a87030a1
...
...
@@ -84,7 +84,7 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, BIGNUM *add,
int
found
=
0
;
int
i
,
j
,
c1
=
0
;
BN_CTX
*
ctx
;
int
checks
=
BN_prime_checks_size
(
bits
);
int
checks
=
BN_prime_checks_
for_
size
(
bits
);
ctx
=
BN_CTX_new
();
if
(
ctx
==
NULL
)
goto
err
;
...
...
@@ -154,10 +154,12 @@ err:
return
(
found
?
rnd
:
NULL
);
}
int
BN_is_prime
(
BIGNUM
*
a
,
int
checks
,
void
(
*
callback
)(
int
,
int
,
void
*
),
BN_CTX
*
ctx_passed
,
void
*
cb_arg
)
int
BN_is_prime_fasttest
(
BIGNUM
*
a
,
int
checks
,
void
(
*
callback
)(
int
,
int
,
void
*
),
BN_CTX
*
ctx_passed
,
BN_CTX
*
ctx2_passed
,
void
*
cb_arg
,
int
do_trial_division
)
{
int
i
,
j
,
c2
=
0
,
ret
=
-
1
;
int
i
,
j
,
ret
=
-
1
;
BIGNUM
*
check
;
BN_CTX
*
ctx
=
NULL
,
*
ctx2
=
NULL
;
BN_MONT_CTX
*
mont
=
NULL
;
...
...
@@ -165,17 +167,25 @@ int BN_is_prime(BIGNUM *a, int checks, void (*callback)(int,int,void *),
if
(
checks
==
BN_prime_checks
)
{
int
bits
=
BN_num_bits
(
a
);
checks
=
BN_prime_checks_size
(
bits
);
checks
=
BN_prime_checks_
for_
size
(
bits
);
}
if
(
!
BN_is_odd
(
a
))
return
(
0
);
if
(
do_trial_division
)
for
(
i
=
1
;
i
<
NUMPRIMES
;
i
++
)
if
(
BN_mod_word
(
a
,
primes
[
i
])
==
0
)
return
0
;
if
(
ctx_passed
!=
NULL
)
ctx
=
ctx_passed
;
else
if
((
ctx
=
BN_CTX_new
())
==
NULL
)
goto
err
;
if
(
ctx2_passed
!=
NULL
)
ctx2
=
ctx2_passed
;
else
if
((
ctx2
=
BN_CTX_new
())
==
NULL
)
goto
err
;
if
((
ctx2
=
BN_CTX_new
())
==
NULL
)
goto
err
;
if
((
mont
=
BN_MONT_CTX_new
())
==
NULL
)
goto
err
;
check
=
&
(
ctx
->
bn
[
ctx
->
tos
++
]);
...
...
@@ -185,7 +195,9 @@ int BN_is_prime(BIGNUM *a, int checks, void (*callback)(int,int,void *),
for
(
i
=
0
;
i
<
checks
;
i
++
)
{
if
(
!
BN_pseudo_rand
(
check
,
BN_num_bits
(
a
)
-
1
,
0
,
0
))
goto
err
;
if
(
!
BN_pseudo_rand
(
check
,
BN_num_bits
(
a
),
0
,
0
))
goto
err
;
if
(
BN_cmp
(
check
,
a
)
>=
0
)
BN_sub
(
check
,
check
,
a
);
j
=
witness
(
check
,
a
,
ctx
,
ctx2
,
mont
);
if
(
j
==
-
1
)
goto
err
;
if
(
j
)
...
...
@@ -193,20 +205,26 @@ int BN_is_prime(BIGNUM *a, int checks, void (*callback)(int,int,void *),
ret
=
0
;
goto
err
;
}
if
(
callback
!=
NULL
)
callback
(
1
,
c2
++
,
cb_arg
);
if
(
callback
!=
NULL
)
callback
(
1
,
i
,
cb_arg
);
}
ret
=
1
;
err:
ctx
->
tos
--
;
if
((
ctx_passed
==
NULL
)
&&
(
ctx
!=
NULL
))
BN_CTX_free
(
ctx
);
if
(
ctx2
!=
NULL
)
if
(
(
ctx2_passed
==
NULL
)
&&
(
ctx2
!=
NULL
)
)
BN_CTX_free
(
ctx2
);
if
(
mont
!=
NULL
)
BN_MONT_CTX_free
(
mont
);
return
(
ret
);
}
int
BN_is_prime
(
BIGNUM
*
a
,
int
checks
,
void
(
*
callback
)(
int
,
int
,
void
*
),
BN_CTX
*
ctx_passed
,
void
*
cb_arg
)
{
return
BN_is_prime_fasttest
(
a
,
checks
,
callback
,
ctx_passed
,
NULL
,
cb_arg
,
0
);
}
static
int
witness
(
BIGNUM
*
a
,
BIGNUM
*
n
,
BN_CTX
*
ctx
,
BN_CTX
*
ctx2
,
BN_MONT_CTX
*
mont
)
{
...
...
@@ -274,7 +292,7 @@ err:
static
int
probable_prime
(
BIGNUM
*
rnd
,
int
bits
)
{
int
i
;
MS_STATIC
BN_ULONG
mods
[
NUMPRIMES
];
BN_ULONG
mods
[
NUMPRIMES
];
BN_ULONG
delta
,
d
;
again:
...
...
crypto/dsa/dsa.h
浏览文件 @
a87030a1
...
...
@@ -197,7 +197,11 @@ int DSAparams_print_fp(FILE *fp, DSA *x);
int
DSA_print_fp
(
FILE
*
bp
,
DSA
*
x
,
int
off
);
#endif
int
DSA_is_prime
(
BIGNUM
*
q
,
void
(
*
callback
)(),
void
*
cb_arg
);
#define DSS_prime_checks 50
/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:
* 50 rounds of Rabin-Miller */
#define DSA_is_prime(n, callback, cb_arg) \
BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
#ifndef NO_DH
/* Convert DSA structure (key or just parameters) into DH structure
...
...
@@ -218,7 +222,6 @@ DH *DSA_dup_DH(DSA *r);
#define DSA_F_DSAPARAMS_PRINT_FP 101
#define DSA_F_DSA_DO_SIGN 112
#define DSA_F_DSA_DO_VERIFY 113
#define DSA_F_DSA_IS_PRIME 102
#define DSA_F_DSA_NEW 103
#define DSA_F_DSA_PRINT 104
#define DSA_F_DSA_PRINT_FP 105
...
...
crypto/dsa/dsa_err.c
浏览文件 @
a87030a1
...
...
@@ -70,7 +70,6 @@ static ERR_STRING_DATA DSA_str_functs[]=
{
ERR_PACK
(
0
,
DSA_F_DSAPARAMS_PRINT_FP
,
0
),
"DSAparams_print_fp"
},
{
ERR_PACK
(
0
,
DSA_F_DSA_DO_SIGN
,
0
),
"DSA_do_sign"
},
{
ERR_PACK
(
0
,
DSA_F_DSA_DO_VERIFY
,
0
),
"DSA_do_verify"
},
{
ERR_PACK
(
0
,
DSA_F_DSA_IS_PRIME
,
0
),
"DSA_is_prime"
},
{
ERR_PACK
(
0
,
DSA_F_DSA_NEW
,
0
),
"DSA_new"
},
{
ERR_PACK
(
0
,
DSA_F_DSA_PRINT
,
0
),
"DSA_print"
},
{
ERR_PACK
(
0
,
DSA_F_DSA_PRINT_FP
,
0
),
"DSA_print_fp"
},
...
...
crypto/dsa/dsa_gen.c
浏览文件 @
a87030a1
...
...
@@ -59,12 +59,18 @@
#undef GENUINE_DSA
#ifdef GENUINE_DSA
/* Parameter generation follows the original release of FIPS PUB 186,
* Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
#define HASH SHA
#else
/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
* also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
* FIPS PUB 180-1) */
#define HASH SHA1
#endif
#ifndef NO_SHA
#include <stdio.h>
#include <time.h>
#include "cryptlib.h"
...
...
@@ -74,8 +80,8 @@
#include <openssl/rand.h>
DSA
*
DSA_generate_parameters
(
int
bits
,
unsigned
char
*
seed_in
,
int
seed_len
,
int
*
counter_ret
,
unsigned
long
*
h_ret
,
void
(
*
callback
)(),
void
*
cb_arg
)
int
*
counter_ret
,
unsigned
long
*
h_ret
,
void
(
*
callback
)(),
void
*
cb_arg
)
{
int
ok
=
0
;
unsigned
char
seed
[
SHA_DIGEST_LENGTH
];
...
...
@@ -86,19 +92,26 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
BN_MONT_CTX
*
mont
=
NULL
;
int
k
,
n
=
0
,
i
,
b
,
m
=
0
;
int
counter
=
0
;
BN_CTX
*
ctx
=
NULL
,
*
ctx2
=
NULL
;
int
r
=
0
;
BN_CTX
*
ctx
=
NULL
,
*
ctx2
=
NULL
,
*
ctx3
=
NULL
,
*
ctx4
=
NULL
;
unsigned
int
h
=
2
;
DSA
*
ret
=
NULL
;
if
(
bits
<
512
)
bits
=
512
;
bits
=
(
bits
+
63
)
/
64
*
64
;
if
(
seed_len
<
20
)
seed_in
=
NULL
;
if
(
seed_len
<
20
)
seed_in
=
NULL
;
/* seed buffer too small -- ignore */
if
(
seed_len
>
20
)
seed_len
=
20
;
/* App. 2.2 of FIPS PUB 186 allows larger SEED,
* but our internal buffers are restricted to 160 bits*/
if
((
seed_in
!=
NULL
)
&&
(
seed_len
==
20
))
memcpy
(
seed
,
seed_in
,
seed_len
);
if
((
ctx
=
BN_CTX_new
())
==
NULL
)
goto
err
;
if
((
ctx2
=
BN_CTX_new
())
==
NULL
)
goto
err
;
if
((
ctx3
=
BN_CTX_new
())
==
NULL
)
goto
err
;
if
((
ctx4
=
BN_CTX_new
())
==
NULL
)
goto
err
;
if
((
ret
=
DSA_new
())
==
NULL
)
goto
err
;
if
((
mont
=
BN_MONT_CTX_new
())
==
NULL
)
goto
err
;
...
...
@@ -116,18 +129,24 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
for
(;;)
{
for
(;;)
for
(;;)
/* find q */
{
int
seed_is_random
=
0
;
/* step 1 */
if
(
callback
!=
NULL
)
callback
(
0
,
m
++
,
cb_arg
);
if
(
!
seed_len
)
{
RAND_pseudo_bytes
(
seed
,
SHA_DIGEST_LENGTH
);
seed_is_random
=
1
;
}
else
/* use random seed if 'seed_in' turns out to be bad */
seed_len
=
0
;
memcpy
(
buf
,
seed
,
SHA_DIGEST_LENGTH
);
memcpy
(
buf2
,
seed
,
SHA_DIGEST_LENGTH
);
/* precompute "SEED + 1" for step 7: */
for
(
i
=
SHA_DIGEST_LENGTH
-
1
;
i
>=
0
;
i
--
)
{
buf
[
i
]
++
;
...
...
@@ -146,7 +165,12 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
if
(
!
BN_bin2bn
(
md
,
SHA_DIGEST_LENGTH
,
q
))
goto
err
;
/* step 4 */
if
(
BN_is_prime
(
q
,
BN_prime_checks
,
callback
,
NULL
,
cb_arg
)
>
0
)
break
;
r
=
BN_is_prime_fasttest
(
q
,
DSS_prime_checks
,
callback
,
ctx3
,
ctx4
,
cb_arg
,
seed_is_random
);
if
(
r
>
0
)
break
;
if
(
r
!=
0
)
goto
err
;
/* do a callback call */
/* step 5 */
}
...
...
@@ -156,16 +180,22 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
/* step 6 */
counter
=
0
;
/* "offset = 2" */
n
=
(
bits
-
1
)
/
160
;
b
=
(
bits
-
1
)
-
n
*
160
;
for
(;;)
{
if
(
callback
!=
NULL
&&
counter
!=
0
)
callback
(
0
,
counter
,
cb_arg
);
/* step 7 */
BN_zero
(
W
);
/* now 'buf' contains "SEED + offset - 1" */
for
(
k
=
0
;
k
<=
n
;
k
++
)
{
/* obtain "SEED + offset + k" by incrementing: */
for
(
i
=
SHA_DIGEST_LENGTH
-
1
;
i
>=
0
;
i
--
)
{
buf
[
i
]
++
;
...
...
@@ -196,17 +226,19 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
if
(
BN_cmp
(
p
,
test
)
>=
0
)
{
/* step 11 */
if
(
BN_is_prime
(
p
,
BN_prime_checks
,
callback
,
NULL
,
cb_arg
)
>
0
)
goto
end
;
r
=
BN_is_prime_fasttest
(
p
,
DSS_prime_checks
,
callback
,
ctx3
,
ctx4
,
cb_arg
,
1
);
if
(
r
>
0
)
goto
end
;
/* found it */
if
(
r
!=
0
)
goto
err
;
}
/* step 13 */
counter
++
;
/* "offset = offset + n + 1" */
/* step 14 */
if
(
counter
>=
4096
)
break
;
if
(
callback
!=
NULL
)
callback
(
0
,
counter
,
cb_arg
);
}
}
end:
...
...
@@ -247,90 +279,10 @@ err:
if
(
h_ret
!=
NULL
)
*
h_ret
=
h
;
}
if
(
ctx
!=
NULL
)
BN_CTX_free
(
ctx
);
if
(
ctx
!=
NULL
)
BN_CTX_free
(
ctx2
);
if
(
ctx2
!=
NULL
)
BN_CTX_free
(
ctx2
);
if
(
ctx3
!=
NULL
)
BN_CTX_free
(
ctx3
);
if
(
ctx4
!=
NULL
)
BN_CTX_free
(
ctx4
);
if
(
mont
!=
NULL
)
BN_MONT_CTX_free
(
mont
);
return
(
ok
?
ret
:
NULL
);
}
int
DSA_is_prime
(
BIGNUM
*
w
,
void
(
*
callback
)(),
void
*
cb_arg
)
{
int
ok
=
-
1
,
j
,
i
,
n
;
BN_CTX
*
ctx
=
NULL
,
*
ctx2
=
NULL
;
BIGNUM
*
w_1
,
*
b
,
*
m
,
*
z
,
*
tmp
,
*
mont_1
;
int
a
;
BN_MONT_CTX
*
mont
=
NULL
;
if
(
!
BN_is_odd
(
w
))
return
(
0
);
if
((
ctx
=
BN_CTX_new
())
==
NULL
)
goto
err
;
if
((
ctx2
=
BN_CTX_new
())
==
NULL
)
goto
err
;
if
((
mont
=
BN_MONT_CTX_new
())
==
NULL
)
goto
err
;
m
=
&
(
ctx2
->
bn
[
2
]);
b
=
&
(
ctx2
->
bn
[
3
]);
z
=
&
(
ctx2
->
bn
[
4
]);
w_1
=
&
(
ctx2
->
bn
[
5
]);
tmp
=
&
(
ctx2
->
bn
[
6
]);
mont_1
=
&
(
ctx2
->
bn
[
7
]);
/* step 1 */
n
=
BN_prime_checks_size
(
BN_num_bits
(
w
));
/* step 2 */
if
(
!
BN_sub
(
w_1
,
w
,
BN_value_one
()))
goto
err
;
for
(
a
=
1
;
!
BN_is_bit_set
(
w_1
,
a
);
a
++
)
;
if
(
!
BN_rshift
(
m
,
w_1
,
a
))
goto
err
;
BN_MONT_CTX_set
(
mont
,
w
,
ctx
);
BN_to_montgomery
(
mont_1
,
BN_value_one
(),
mont
,
ctx
);
BN_to_montgomery
(
w_1
,
w_1
,
mont
,
ctx
);
for
(
i
=
1
;
i
<
n
;
i
++
)
{
/* step 3 */
if
(
!
BN_pseudo_rand
(
b
,
BN_num_bits
(
w
)
-
2
/*-1*/
,
0
,
0
))
goto
err
;
/* BN_set_word(b,0x10001L); */
/* step 4 */
j
=
0
;
if
(
!
BN_mod_exp_mont
(
z
,
b
,
m
,
w
,
ctx
,
mont
))
goto
err
;
if
(
!
BN_to_montgomery
(
z
,
z
,
mont
,
ctx
))
goto
err
;
/* step 5 */
for
(;;)
{
if
(((
j
==
0
)
&&
(
BN_cmp
(
z
,
mont_1
)
==
0
))
||
(
BN_cmp
(
z
,
w_1
)
==
0
))
break
;
/* step 6 */
if
((
j
>
0
)
&&
(
BN_cmp
(
z
,
mont_1
)
==
0
))
{
ok
=
0
;
goto
err
;
}
j
++
;
if
(
j
>=
a
)
{
ok
=
0
;
goto
err
;
}
if
(
!
BN_mod_mul_montgomery
(
z
,
z
,
z
,
mont
,
ctx
))
goto
err
;
if
(
callback
!=
NULL
)
callback
(
1
,
j
,
cb_arg
);
}
}
ok
=
1
;
err:
if
(
ok
==
-
1
)
DSAerr
(
DSA_F_DSA_IS_PRIME
,
ERR_R_BN_LIB
);
BN_CTX_free
(
ctx
);
BN_CTX_free
(
ctx2
);
BN_MONT_CTX_free
(
mont
);
return
(
ok
);
}
#endif
crypto/dsa/dsatest.c
浏览文件 @
a87030a1
...
...
@@ -85,6 +85,9 @@ int main(int argc, char *argv[])
#endif
static
void
MS_CALLBACK
dsa_cb
(
int
p
,
int
n
,
char
*
arg
);
/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
* FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
static
unsigned
char
seed
[
20
]
=
{
0xd5
,
0x01
,
0x4e
,
0x4b
,
0x60
,
0xef
,
0x2b
,
0xa8
,
0xb6
,
0x21
,
0x1b
,
0x40
,
0x62
,
0xba
,
0x32
,
0x24
,
0xe0
,
0x42
,
0x7d
,
0xd3
,
...
...
@@ -141,9 +144,8 @@ int main(int argc, char **argv)
CRYPTO_mem_ctrl
(
CRYPTO_MEM_CHECK_ON
);
BIO_printf
(
bio_err
,
"test generation of DSA parameters
\n
"
);
BIO_printf
(
bio_err
,
"expect '.*' followed by 3 lines of '.'s and '+'s
\n
"
);
dsa
=
DSA_generate_parameters
(
512
,
seed
,
20
,
&
counter
,
&
h
,
dsa_cb
,
(
char
*
)
bio_err
);
dsa
=
DSA_generate_parameters
(
512
,
seed
,
20
,
&
counter
,
&
h
,
dsa_cb
,(
char
*
)
bio_err
);
BIO_printf
(
bio_err
,
"seed
\n
"
);
for
(
i
=
0
;
i
<
20
;
i
+=
4
)
...
...
crypto/sha/sha.h
浏览文件 @
a87030a1
...
...
@@ -63,7 +63,7 @@
extern
"C"
{
#endif
#if defined(NO_SHA) ||
defined(NO_SHA0) || defined(NO_SHA1
)
#if defined(NO_SHA) ||
(defined(NO_SHA0) && defined(NO_SHA1)
)
#error SHA is disabled.
#endif
...
...
doc/crypto/DSA_generate_parameters.pod
浏览文件 @
a87030a1
...
...
@@ -20,14 +20,14 @@ for use in the DSA.
B<bits> is the length of the prime to be generated; the DSS allows a
maximum of 1024 bits.
If B<seed> is
NULL
or B<seed_len> E<lt> 20, the primes will be
If B<seed> is
B<NULL>
or B<seed_len> E<lt> 20, the primes will be
generated at random. Otherwise, the seed is used to generate
them. If the given seed does not yield a prime q, a new random
seed is chosen and placed at B<seed>.
DSA_generate_parameters() places the iteration count in
*B<counter_ret> and a counter used for finding a generator in
*B<h_ret>, unless these are
NULL
.
*B<h_ret>, unless these are
B<NULL>
.
A callback function may be used to provide feedback about the progress
of the key generation. If B<callback> is not B<NULL>, it will be
...
...
@@ -37,13 +37,15 @@ called as follows:
=item *
When
the the m-th candidate for q is generated, B<callback(0, m,
cb_arg)> is called
.
When
a candidate for q is generated, B<callback(0, m++, cb_arg)> is called
(m is 0 for the first candidate)
.
=item *
B<callback(1, j++, cb_arg)> is called in the inner loop of the
Miller-Rabin primality test.
While a candidate for q is tested, B<callback(1, i, cb_arg)>
is called in the outer loop of the Miller-Rabin primality tests
(once for each witness that confirms that the candidate may be prime).
i is the loop counter (starting at 0).
=item *
...
...
@@ -52,10 +54,15 @@ B<callback(3, 0, cb_arg)> are called.
=item *
While candidates for p are being tested, B<callback(1, j++, cb_arg)>
is called in the inner loop of the Miller-Rabin primality test, then
B<callback(0, counter, cb_arg)> is called when the next candidate
is chosen.
Before a candidate for p (other than the first) is generated and tested,
B<callback(0, counter, cb_arg)> is called.
=item *
While a candidate for p is tested, B<callback(1, j++, cb_arg)>
is called in the outer loop of the Miller-Rabin primality test
(once for each witness that confirms that the candidate may be prime).
i is the loop counter (starting at 0).
=item *
...
...
@@ -70,15 +77,11 @@ When the generator has been found, B<callback(3, 1, cb_arg)> is called.
=head1 RETURN VALUE
DSA_generate_parameters() returns a pointer to the DSA structure, or
NULL
if the parameter generation fails. The error codes can be
B<NULL>
if the parameter generation fails. The error codes can be
obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
=head1 BUGS
The deterministic generation of p does not follow the NIST algorithm:
r0 is SHA1(s+k+1), but should be SHA1(s+j+k) with j_0=2,
j_counter=j_counter-1 + n + 1.
Seed lengths E<gt> 20 are not supported.
=head1 SEE ALSO
...
...
@@ -90,5 +93,9 @@ L<DSA_free(3)|DSA_free(3)>
DSA_generate_parameters() appeared in SSLeay 0.8. The B<cb_arg>
argument was added in SSLeay 0.9.0.
In versions up to OpenSSL 0.9.4, B<callback(1, ...)> was called
in the inner loop of the Miller-Rabin test whenever it reached the
squaring step (the parameters to B<callback> did not reveal how many
witnesses had been tested); since OpenSSL 0.9.5, B<callback(1, ...)>
is called as in BN_is_prime(3), i.e. once for each witness.
=cut
ms/test.bat
浏览文件 @
a87030a1
...
...
@@ -135,6 +135,10 @@ echo test sslv2 via BIO pair
ssltest
-bio
_pair
-ssl
2
if
errorlevel
1
goto
done
echo
test
sslv2
/sslv
3
with
1024
bit
DHE
via
BIO
pair
ssltest
-bio
_pair
-dhe
1024
-v
if
errorlevel
1
goto
done
echo
test
sslv2
with
server
authentication
via
BIO
pair
ssltest
-bio
_pair
-ssl
2
-server
_auth
-CAfile
cert
.tmp
if
errorlevel
1
goto
done
...
...
ssl/s3_srvr.c
浏览文件 @
a87030a1
...
...
@@ -963,6 +963,14 @@ static int ssl3_send_server_key_exchange(SSL *s)
SSLerr
(
SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE
,
SSL_R_MISSING_TMP_DH_KEY
);
goto
f_err
;
}
if
(
s
->
s3
->
tmp
.
dh
!=
NULL
)
{
DH_free
(
dh
);
SSLerr
(
SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE
,
SSL_R_INTERNAL_ERROR
);
goto
err
;
}
if
((
dh
=
DHparams_dup
(
dhp
))
==
NULL
)
{
SSLerr
(
SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE
,
ERR_R_DH_LIB
);
...
...
@@ -1109,7 +1117,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
s
->
init_off
=
0
;
}
/* SSL3_ST_SW_KEY_EXCH_B */
s
->
state
=
SSL3_ST_SW_KEY_EXCH_B
;
return
(
ssl3_do_write
(
s
,
SSL3_RT_HANDSHAKE
));
f_err:
ssl3_send_alert
(
s
,
SSL3_AL_FATAL
,
al
);
...
...
test/Makefile.ssl
浏览文件 @
a87030a1
...
...
@@ -197,12 +197,13 @@ test_verify:
../apps/openssl verify -CApath ../certs ../certs/*.pem
test_dh
:
@
echo
"Generate a
s
set of DH parameters"
@
echo
"Generate a set of DH parameters"
./
$(DHTEST)
test_dsa
:
@
echo
"Generate a
s
set of DSA parameters"
@
echo
"Generate a set of DSA parameters"
./
$(DSATEST)
./
$(DSATEST)
-app2_1
test_gen
:
@
echo
"Generate and verify a certificate request"
...
...
test/testssl
浏览文件 @
a87030a1
...
...
@@ -66,6 +66,9 @@ echo test sslv2/sslv3 via BIO pair
echo test
sslv2/sslv3 w/o DHE via BIO pair
./ssltest
-bio_pair
-no_dhe
||
exit
1
echo test
sslv2/sslv3 with 1024bit DHE
./ssltest
-bio_pair
-dhe1024
-v
||
exit
1
echo test
sslv2/sslv3 with server authentication
./ssltest
-bio_pair
-server_auth
-CApath
../certs
||
exit
1
...
...
util/libeay.num
浏览文件 @
a87030a1
...
...
@@ -2211,3 +2211,5 @@ sk_CRYPTO_EX_DATA_FUNCS_num 2235
sk_CRYPTO_EX_DATA_FUNCS_pop_free 2236
sk_CRYPTO_EX_DATA_FUNCS_insert 2237
sk_CRYPTO_EX_DATA_FUNCS_zero 2238
BN_pseudo_rand 2239
BN_is_prime_fasttest 2240
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录