Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
41918458
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
41918458
编写于
24年前
作者:
B
Bodo Möller
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
New '-dsaparam' option for 'openssl dhparam', and related fixes.
上级
d6f68fa3
变更
7
隐藏空白更改
内联
并排
Showing
7 changed file
with
213 addition
and
36 deletion
+213
-36
CHANGES
CHANGES
+9
-0
apps/app_rand.c
apps/app_rand.c
+1
-1
apps/dh.c
apps/dh.c
+3
-2
apps/dhparam.c
apps/dhparam.c
+168
-20
apps/gendh.c
apps/gendh.c
+2
-1
doc/apps/dhparam.pod
doc/apps/dhparam.pod
+29
-11
doc/apps/rand.pod
doc/apps/rand.pod
+1
-1
未找到文件。
CHANGES
浏览文件 @
41918458
...
...
@@ -4,6 +4,15 @@
Changes between 0.9.5 and 0.9.6 [XX XXX 2000]
*) Add '-dsaparam' option to 'openssl dhparam' application. This
converts DSA parameters into DH parameters. (When creating parameters,
DSA_generate_parameters is used.)
[Bodo Moeller]
*) Include 'length' (recommended exponent length) in C code generated
by 'openssl dhparam -C'.
[Bodo Moeller]
*) The second argument to set_label in perlasm was already being used
so couldn't be used as a "file scope" flag. Moved to third argument
which was free.
...
...
This diff is collapsed.
Click to expand it.
apps/app_rand.c
浏览文件 @
41918458
...
...
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-
1999
The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-
2000
The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
...
...
This diff is collapsed.
Click to expand it.
apps/dh.c
浏览文件 @
41918458
/* apps/dh.c */
/* obsoleted by dhparam.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
...
...
@@ -234,8 +235,8 @@ bad:
}
if
(
i
&
DH_CHECK_P_NOT_PRIME
)
printf
(
"p value is not prime
\n
"
);
if
(
i
&
DH_CHECK_P_NOT_S
TRONG
_PRIME
)
printf
(
"p value is not a s
trong
prime
\n
"
);
if
(
i
&
DH_CHECK_P_NOT_S
AFE
_PRIME
)
printf
(
"p value is not a s
afe
prime
\n
"
);
if
(
i
&
DH_UNABLE_TO_CHECK_GENERATOR
)
printf
(
"unable to check the generator value
\n
"
);
if
(
i
&
DH_NOT_SUITABLE_GENERATOR
)
...
...
This diff is collapsed.
Click to expand it.
apps/dhparam.c
浏览文件 @
41918458
...
...
@@ -55,6 +55,59 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef NO_DH
#include <stdio.h>
...
...
@@ -69,6 +122,10 @@
#include <openssl/x509.h>
#include <openssl/pem.h>
#ifndef NO_DSA
#include <openssl/dsa.h>
#endif
#undef PROG
#define PROG dhparam_main
...
...
@@ -78,6 +135,7 @@
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
* -dsaparam - read or generate DSA parameters, convert to DH
* -check - check the parameters are ok
* -noout
* -text
...
...
@@ -92,6 +150,9 @@ int MAIN(int argc, char **argv)
{
DH
*
dh
=
NULL
;
int
i
,
badops
=
0
,
text
=
0
;
#ifndef NO_DSA
int
dsaparam
=
0
;
#endif
BIO
*
in
=
NULL
,
*
out
=
NULL
;
int
informat
,
outformat
,
check
=
0
,
noout
=
0
,
C
=
0
,
ret
=
1
;
char
*
infile
,
*
outfile
,
*
prog
;
...
...
@@ -138,6 +199,10 @@ int MAIN(int argc, char **argv)
check
=
1
;
else
if
(
strcmp
(
*
argv
,
"-text"
)
==
0
)
text
=
1
;
#ifndef NO_DSA
else
if
(
strcmp
(
*
argv
,
"-dsaparam"
)
==
0
)
dsaparam
=
1
;
#endif
else
if
(
strcmp
(
*
argv
,
"-C"
)
==
0
)
C
=
1
;
else
if
(
strcmp
(
*
argv
,
"-noout"
)
==
0
)
...
...
@@ -166,6 +231,9 @@ bad:
BIO_printf
(
bio_err
,
" -outform arg output format - one of DER PEM
\n
"
);
BIO_printf
(
bio_err
,
" -in arg input file
\n
"
);
BIO_printf
(
bio_err
,
" -out arg output file
\n
"
);
#ifndef NO_DSA
BIO_printf
(
bio_err
,
" -dsaparam read or generate DSA parameters, convert to DH
\n
"
);
#endif
BIO_printf
(
bio_err
,
" -check check the DH parameters
\n
"
);
BIO_printf
(
bio_err
,
" -text print a text form of the DH parameters
\n
"
);
BIO_printf
(
bio_err
,
" -C Output C code
\n
"
);
...
...
@@ -181,8 +249,25 @@ bad:
ERR_load_crypto_strings
();
if
(
g
&&
!
num
)
num
=
DEFBITS
;
else
if
(
num
&&
!
g
)
g
=
2
;
if
(
g
&&
!
num
)
num
=
DEFBITS
;
#ifndef NO_DSA
if
(
dsaparam
)
{
if
(
g
)
{
BIO_printf
(
bio_err
,
"generator may not be chosen for DSA parameters
\n
"
);
goto
end
;
}
}
else
#endif
{
/* DH parameters */
if
(
num
&&
!
g
)
g
=
2
;
}
if
(
num
)
{
...
...
@@ -194,11 +279,40 @@ bad:
BIO_printf
(
bio_err
,
"%ld semi-random bytes loaded
\n
"
,
app_RAND_load_files
(
inrand
));
BIO_printf
(
bio_err
,
"Generating DH parameters, %d bit long strong prime, generator of %d
\n
"
,
num
,
g
);
BIO_printf
(
bio_err
,
"This is going to take a long time
\n
"
);
dh
=
DH_generate_parameters
(
num
,
g
,
dh_cb
,
bio_err
);
#ifndef NO_DSA
if
(
dsaparam
)
{
DSA
*
dsa
;
BIO_printf
(
bio_err
,
"Generating DSA parameters, %d bit long prime
\n
"
,
num
);
dsa
=
DSA_generate_parameters
(
num
,
NULL
,
0
,
NULL
,
NULL
,
dh_cb
,
bio_err
);
if
(
dsa
==
NULL
)
{
ERR_print_errors
(
bio_err
);
goto
end
;
}
dh
=
DSA_dup_DH
(
dsa
);
DSA_free
(
dsa
);
if
(
dh
==
NULL
)
{
ERR_print_errors
(
bio_err
);
goto
end
;
}
}
else
#endif
{
BIO_printf
(
bio_err
,
"Generating DH parameters, %d bit long safe prime, generator %d
\n
"
,
num
,
g
);
BIO_printf
(
bio_err
,
"This is going to take a long time
\n
"
);
dh
=
DH_generate_parameters
(
num
,
g
,
dh_cb
,
bio_err
);
if
(
dh
==
NULL
)
goto
end
;
if
(
dh
==
NULL
)
{
ERR_print_errors
(
bio_err
);
goto
end
;
}
}
app_RAND_write_file
(
NULL
,
bio_err
);
}
else
{
...
...
@@ -220,24 +334,56 @@ bad:
}
}
if
(
informat
==
FORMAT_ASN1
)
dh
=
d2i_DHparams_bio
(
in
,
NULL
);
else
if
(
informat
==
FORMAT_PEM
)
dh
=
PEM_read_bio_DHparams
(
in
,
NULL
,
NULL
,
NULL
);
else
if
(
informat
!=
FORMAT_ASN1
&&
informat
!=
FORMAT_PEM
)
{
BIO_printf
(
bio_err
,
"bad input format specified
\n
"
);
goto
end
;
}
if
(
dh
==
NULL
)
#ifndef NO_DSA
if
(
dsaparam
)
{
BIO_printf
(
bio_err
,
"unable to load DH parameters
\n
"
);
ERR_print_errors
(
bio_err
);
goto
end
;
DSA
*
dsa
;
if
(
informat
==
FORMAT_ASN1
)
dsa
=
d2i_DSAparams_bio
(
in
,
NULL
);
else
/* informat == FORMAT_PEM */
dsa
=
PEM_read_bio_DSAparams
(
in
,
NULL
,
NULL
,
NULL
);
if
(
dsa
==
NULL
)
{
BIO_printf
(
bio_err
,
"unable to load DSA parameters
\n
"
);
ERR_print_errors
(
bio_err
);
goto
end
;
}
dh
=
DSA_dup_DH
(
dsa
);
DSA_free
(
dsa
);
if
(
dh
==
NULL
)
{
ERR_print_errors
(
bio_err
);
goto
end
;
}
}
else
#endif
{
if
(
informat
==
FORMAT_ASN1
)
dh
=
d2i_DHparams_bio
(
in
,
NULL
);
else
/* informat == FORMAT_PEM */
dh
=
PEM_read_bio_DHparams
(
in
,
NULL
,
NULL
,
NULL
);
if
(
dh
==
NULL
)
{
BIO_printf
(
bio_err
,
"unable to load DH parameters
\n
"
);
ERR_print_errors
(
bio_err
);
goto
end
;
}
}
/* dh != NULL */
}
out
=
BIO_new
(
BIO_s_file
());
if
(
out
==
NULL
)
{
...
...
@@ -255,7 +401,6 @@ bad:
}
}
if
(
text
)
{
...
...
@@ -271,8 +416,8 @@ bad:
}
if
(
i
&
DH_CHECK_P_NOT_PRIME
)
printf
(
"p value is not prime
\n
"
);
if
(
i
&
DH_CHECK_P_NOT_S
TRONG
_PRIME
)
printf
(
"p value is not a s
trong
prime
\n
"
);
if
(
i
&
DH_CHECK_P_NOT_S
AFE
_PRIME
)
printf
(
"p value is not a s
afe
prime
\n
"
);
if
(
i
&
DH_UNABLE_TO_CHECK_GENERATOR
)
printf
(
"unable to check the generator value
\n
"
);
if
(
i
&
DH_NOT_SUITABLE_GENERATOR
)
...
...
@@ -320,6 +465,8 @@ bad:
bits
,
bits
);
printf
(
"
\t
if ((dh->p == NULL) || (dh->g == NULL))
\n
"
);
printf
(
"
\t\t
return(NULL);
\n
"
);
if
(
dh
->
length
)
printf
(
"
\t
dh->length = %d
\n
"
,
dh
->
length
);
printf
(
"
\t
return(dh);
\n\t
}
\n
"
);
Free
(
data
);
}
...
...
@@ -350,6 +497,7 @@ end:
EXIT
(
ret
);
}
/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
static
void
MS_CALLBACK
dh_cb
(
int
p
,
int
n
,
void
*
arg
)
{
char
c
=
'*'
;
...
...
This diff is collapsed.
Click to expand it.
apps/gendh.c
浏览文件 @
41918458
/* apps/gendh.c */
/* obsoleted by dhparam.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
...
...
@@ -159,7 +160,7 @@ bad:
BIO_printf
(
bio_err
,
"%ld semi-random bytes loaded
\n
"
,
app_RAND_load_files
(
inrand
));
BIO_printf
(
bio_err
,
"Generating DH parameters, %d bit long s
trong prime, generator of
%d
\n
"
,
num
,
g
);
BIO_printf
(
bio_err
,
"Generating DH parameters, %d bit long s
afe prime, generator
%d
\n
"
,
num
,
g
);
BIO_printf
(
bio_err
,
"This is going to take a long time
\n
"
);
dh
=
DH_generate_parameters
(
num
,
g
,
dh_cb
,
bio_err
);
...
...
This diff is collapsed.
Click to expand it.
doc/apps/dhparam.pod
浏览文件 @
41918458
...
...
@@ -6,18 +6,19 @@ dhparam - DH parameter manipulation and generation
=head1 SYNOPSIS
B<openssl dh>
B<openssl dh
param
>
[B<-inform DER|PEM>]
[B<-outform DER|PEM>]
[B<-in filename>]
[B<-out filename>]
[B<-in> I<filename>]
[B<-out> I<filename>]
[B<-dsaparam>]
[B<-noout>]
[B<-text>]
[B<-C>]
[B<-2>]
[B<-5>]
[B<-rand
file(s)>]
[
numbits
]
[B<-rand
> I<
file(s)>]
[
I<numbits>
]
=head1 DESCRIPTION
...
...
@@ -39,23 +40,35 @@ additional header and footer lines.
This specifies the output format, the options have the same meaning as the
B<-inform> option.
=item B<-in
filename>
=item B<-in
> I<
filename>
This specifies the input filename to read parameters from or standard input if
this option is not specified.
=item B<-out
filename>
=item B<-out
> I<
filename>
This specifies the output filename parameters to. Standard output is used
if this option is not present. The output filename should B<not> be the same
as the input filename.
=item B<-dsaparam>
If this option is used, DSA rather than DH parameters are read or created;
they are converted to DH format. Otherwise, "strong" primes (such
that (p-1)/2 is also prime) will be used for DH parameter generation.
DH parameter generation with the B<-dsaparam> option is much faster,
and the recommended exponent length is shorter, which makes DH key
exchange more efficient. Beware that with such DSA-style DH
parameters, a fresh DH key should be created for each use to
avoid small-subgroup attacks that may be possible otherwise.
=item B<-2>, B<-5>
The generator to use, either 2 or 5. 2 is the default. If present then the
input file is ignored and parameters are generated instead.
=item B<-rand
file(s)>
=item B<-rand
> I<
file(s)>
a file or files containing random data used to seed the random number
generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
...
...
@@ -63,10 +76,10 @@ Multiple files can be specified separated by a OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
all others.
=item
B
<numbits>
=item
I
<numbits>
this option specifies that a parameter set should be generated of size
B
<numbits>. It must be the last option. If not present then a value of 512
I
<numbits>. It must be the last option. If not present then a value of 512
is used. If this option is present then the input file is ignored and
parameters are generated instead.
...
...
@@ -81,7 +94,7 @@ this option prints out the DH parameters in human readable form.
=item B<-C>
this option converts the parameters into C code. The parameters can then
be loaded by calling the B<get_dh
XXX
()> function.
be loaded by calling the B<get_dh
>I<numbits>B<
()> function.
=back
...
...
@@ -112,4 +125,9 @@ There should be a way to generate and manipulate DH keys.
L<dsaparam(1)|dsaparam(1)>
=head1 HISTORY
The B<dhparam> command was added in OpenSSL 0.9.5.
The B<-dsaparam> option was added in OpenSSL 0.9.6.
=cut
This diff is collapsed.
Click to expand it.
doc/apps/rand.pod
浏览文件 @
41918458
...
...
@@ -8,7 +8,7 @@ rand - generate pseudo-random bytes
B<openssl rand>
[B<-out> I<file>]
[B<-rand> I<file(s)>
[B<-rand> I<file(s)>
]
[B<-base64>]
I<num>
...
...
This diff is collapsed.
Click to expand it.
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录
新手
引导
客服
返回
顶部