Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
btwise
openssl
提交
dc03504d
O
openssl
项目概览
btwise
/
openssl
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
O
openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
dc03504d
编写于
4月 23, 2011
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Make sure overrides work for RSA/DSA.
上级
383bc117
变更
6
隐藏空白更改
内联
并排
Showing
6 changed file
with
23 addition
and
7 deletion
+23
-7
apps/dsaparam.c
apps/dsaparam.c
+6
-0
apps/genrsa.c
apps/genrsa.c
+6
-0
crypto/dsa/dsa_lib.c
crypto/dsa/dsa_lib.c
+1
-1
crypto/rsa/rsa.h
crypto/rsa/rsa.h
+1
-1
crypto/rsa/rsa_eay.c
crypto/rsa/rsa_eay.c
+8
-4
crypto/rsa/rsa_lib.c
crypto/rsa/rsa_lib.c
+1
-1
未找到文件。
apps/dsaparam.c
浏览文件 @
dc03504d
...
...
@@ -118,6 +118,7 @@ int MAIN(int argc, char **argv)
char
*
infile
,
*
outfile
,
*
prog
,
*
inrand
=
NULL
;
int
numbits
=
-
1
,
num
,
genkey
=
0
;
int
need_rand
=
0
;
int
non_fips_allow
=
0
;
#ifndef OPENSSL_NO_ENGINE
char
*
engine
=
NULL
;
#endif
...
...
@@ -195,6 +196,8 @@ int MAIN(int argc, char **argv)
}
else
if
(
strcmp
(
*
argv
,
"-noout"
)
==
0
)
noout
=
1
;
else
if
(
strcmp
(
*
argv
,
"-non-fips-allow"
)
==
0
)
non_fips_allow
=
1
;
else
if
(
sscanf
(
*
argv
,
"%d"
,
&
num
)
==
1
)
{
/* generate a key */
...
...
@@ -297,6 +300,8 @@ bad:
BIO_printf
(
bio_err
,
"Error allocating DSA object
\n
"
);
goto
end
;
}
if
(
non_fips_allow
)
dsa
->
flags
|=
DSA_FLAG_NON_FIPS_ALLOW
;
BIO_printf
(
bio_err
,
"Generating DSA parameters, %d bit long prime
\n
"
,
num
);
BIO_printf
(
bio_err
,
"This could take some time
\n
"
);
#ifdef GENCB_TEST
...
...
@@ -326,6 +331,7 @@ bad:
goto
end
;
}
#endif
ERR_print_errors
(
bio_err
);
BIO_printf
(
bio_err
,
"Error, DSA key generation failed
\n
"
);
goto
end
;
}
...
...
apps/genrsa.c
浏览文件 @
dc03504d
...
...
@@ -93,6 +93,7 @@ int MAIN(int argc, char **argv)
ENGINE
*
e
=
NULL
;
#endif
int
ret
=
1
;
int
non_fips_allow
=
0
;
int
i
,
num
=
DEFBITS
;
long
l
;
const
EVP_CIPHER
*
enc
=
NULL
;
...
...
@@ -185,6 +186,8 @@ int MAIN(int argc, char **argv)
if
(
--
argc
<
1
)
goto
bad
;
passargout
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-non-fips-allow"
)
==
0
)
non_fips_allow
=
1
;
else
break
;
argv
++
;
...
...
@@ -273,6 +276,9 @@ bad:
if
(
!
rsa
)
goto
err
;
if
(
non_fips_allow
)
rsa
->
flags
|=
RSA_FLAG_NON_FIPS_ALLOW
;
if
(
!
BN_set_word
(
bn
,
f4
)
||
!
RSA_generate_key_ex
(
rsa
,
num
,
bn
,
&
cb
))
goto
err
;
...
...
crypto/dsa/dsa_lib.c
浏览文件 @
dc03504d
...
...
@@ -163,7 +163,7 @@ DSA *DSA_new_method(ENGINE *engine)
ret
->
method_mont_p
=
NULL
;
ret
->
references
=
1
;
ret
->
flags
=
ret
->
meth
->
flags
;
ret
->
flags
=
ret
->
meth
->
flags
&
~
DSA_FLAG_NON_FIPS_ALLOW
;
CRYPTO_new_ex_data
(
CRYPTO_EX_INDEX_DSA
,
ret
,
&
ret
->
ex_data
);
if
((
ret
->
meth
->
init
!=
NULL
)
&&
!
ret
->
meth
->
init
(
ret
))
{
...
...
crypto/rsa/rsa.h
浏览文件 @
dc03504d
...
...
@@ -458,7 +458,7 @@ RSA *RSAPrivateKey_dup(RSA *rsa);
/* If this flag is set the RSA method is FIPS compliant and can be used
* in FIPS mode. This is set in the validated module method. If an
* application sets this flag in its own methods it is its re
po
sibility
* application sets this flag in its own methods it is its re
spon
sibility
* to ensure the result is compliant.
*/
...
...
crypto/rsa/rsa_eay.c
浏览文件 @
dc03504d
...
...
@@ -170,7 +170,8 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
goto
err
;
}
if
(
FIPS_mode
()
&&
(
BN_num_bits
(
rsa
->
n
)
<
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS
))
if
(
FIPS_mode
()
&&
!
(
rsa
->
flags
&
RSA_FLAG_NON_FIPS_ALLOW
)
&&
(
BN_num_bits
(
rsa
->
n
)
<
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS
))
{
RSAerr
(
RSA_F_RSA_EAY_PUBLIC_ENCRYPT
,
RSA_R_KEY_SIZE_TOO_SMALL
);
return
-
1
;
...
...
@@ -381,7 +382,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
goto
err
;
}
if
(
FIPS_mode
()
&&
(
BN_num_bits
(
rsa
->
n
)
<
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS
))
if
(
FIPS_mode
()
&&
!
(
rsa
->
flags
&
RSA_FLAG_NON_FIPS_ALLOW
)
&&
(
BN_num_bits
(
rsa
->
n
)
<
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS
))
{
RSAerr
(
RSA_F_RSA_EAY_PRIVATE_ENCRYPT
,
RSA_R_KEY_SIZE_TOO_SMALL
);
return
-
1
;
...
...
@@ -528,7 +530,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
goto
err
;
}
if
(
FIPS_mode
()
&&
(
BN_num_bits
(
rsa
->
n
)
<
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS
))
if
(
FIPS_mode
()
&&
!
(
rsa
->
flags
&
RSA_FLAG_NON_FIPS_ALLOW
)
&&
(
BN_num_bits
(
rsa
->
n
)
<
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS
))
{
RSAerr
(
RSA_F_RSA_EAY_PRIVATE_DECRYPT
,
RSA_R_KEY_SIZE_TOO_SMALL
);
return
-
1
;
...
...
@@ -671,7 +674,8 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
goto
err
;
}
if
(
FIPS_mode
()
&&
(
BN_num_bits
(
rsa
->
n
)
<
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS
))
if
(
FIPS_mode
()
&&
!
(
rsa
->
flags
&
RSA_FLAG_NON_FIPS_ALLOW
)
&&
(
BN_num_bits
(
rsa
->
n
)
<
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS
))
{
RSAerr
(
RSA_F_RSA_EAY_PUBLIC_DECRYPT
,
RSA_R_KEY_SIZE_TOO_SMALL
);
return
-
1
;
...
...
crypto/rsa/rsa_lib.c
浏览文件 @
dc03504d
...
...
@@ -181,7 +181,7 @@ RSA *RSA_new_method(ENGINE *engine)
ret
->
blinding
=
NULL
;
ret
->
mt_blinding
=
NULL
;
ret
->
bignum_data
=
NULL
;
ret
->
flags
=
ret
->
meth
->
flags
;
ret
->
flags
=
ret
->
meth
->
flags
&
~
RSA_FLAG_NON_FIPS_ALLOW
;
if
(
!
CRYPTO_new_ex_data
(
CRYPTO_EX_INDEX_RSA
,
ret
,
&
ret
->
ex_data
))
{
#ifndef OPENSSL_NO_ENGINE
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录