提交
83c3410b
编写于
1月 26, 2011
作者:
Dr. Stephen Henson
FIPS DH changes: selftest checks and key range checks.
上级
20818e00
变更
5
Showing
5 changed file
with
50 addition
and
2 deletion
+50
-2
crypto/dh/Makefile
crypto/dh/Makefile
+1
-1
crypto/dh/dh.h
crypto/dh/dh.h
+8
-0
crypto/dh/dh_err.c
crypto/dh/dh_err.c
+2
-1
crypto/dh/dh_gen.c
crypto/dh/dh_gen.c
+17
-0
crypto/dh/dh_key.c
crypto/dh/dh_key.c
+22
-0
crypto/dh/Makefile
...
...
@@ -35,7 +35,7 @@ top:
all
:
lib
lib
:
$(LIBOBJ)
$(AR)
$(LIB)
$(LIBOBJ)
$(AR
X
)
$(LIB)
$(LIBOBJ)
$(RANLIB)
$(LIB)
||
echo
Never mind.
@
touch
lib
...
...
crypto/dh/dh.h
...
...
@@ -77,6 +77,8 @@
# define OPENSSL_DH_MAX_MODULUS_BITS 10000
#endif
#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
#define DH_FLAG_CACHE_MONT_P 0x01
#define DH_FLAG_NO_EXP_CONSTTIME 0x02
/* new with 0.9.7h; the built-in DH
* implementation now uses constant time
...
...
@@ -168,6 +170,11 @@ DH *DHparams_dup(DH *);
const
DH_METHOD
*
DH_OpenSSL
(
void
);
#ifdef OPENSSL_FIPS
DH
*
FIPS_dh_new
(
void
);
void
FIPS_dh_free
(
DH
*
dh
);
#endif
void
DH_set_default_method
(
const
DH_METHOD
*
meth
);
const
DH_METHOD
*
DH_get_default_method
(
void
);
int
DH_set_method
(
DH
*
dh
,
const
DH_METHOD
*
meth
);
...
...
@@ -249,6 +256,7 @@ void ERR_load_DH_strings(void);
#define DH_R_DECODE_ERROR 104
#define DH_R_INVALID_PUBKEY 102
#define DH_R_KEYS_NOT_SET 108
#define DH_R_KEY_SIZE_TOO_SMALL 110
#define DH_R_MODULUS_TOO_LARGE 103
#define DH_R_NO_PARAMETERS_SET 107
#define DH_R_NO_PRIVATE_VALUE 100
...
...
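Review bot: `OPENSSL_DH_FIPS_MIN_MODULUS_BITS` is added without a comment, and nothing in the header says that the floor is enforced only when FIPS mode is active, which is how the checks in dh_gen.c and dh_key.c use it. I would add `/* Minimum size of p, in bits, accepted by DH parameter generation and key operations in FIPS mode */` above the define. Anyone reusing the value should note that a 1024-bit floor reflects the requirement at the time of this 2011 commit; current NIST guidance (SP 800-131A) sets the minimum for finite-field DH at 2048 bits. The new `FIPS_dh_new` and `FIPS_dh_free` prototypes would also benefit from a one-line comment stating who owns the returned `DH` and that it must be released with `FIPS_dh_free`.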
crypto/dh/dh_err.c
/* crypto/dh/dh_err.c */
/* ====================================================================
* Copyright (c) 1999-20
06
The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-20
10
The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
...
...
@@ -95,6 +95,7 @@ static ERR_STRING_DATA DH_str_reasons[]=
{
ERR_REASON
(
DH_R_DECODE_ERROR
)
,
"decode error"
},
{
ERR_REASON
(
DH_R_INVALID_PUBKEY
)
,
"invalid public key"
},
{
ERR_REASON
(
DH_R_KEYS_NOT_SET
)
,
"keys not set"
},
{
ERR_REASON
(
DH_R_KEY_SIZE_TOO_SMALL
)
,
"key size too small"
},
{
ERR_REASON
(
DH_R_MODULUS_TOO_LARGE
)
,
"modulus too large"
},
{
ERR_REASON
(
DH_R_NO_PARAMETERS_SET
)
,
"no parameters set"
},
{
ERR_REASON
(
DH_R_NO_PRIVATE_VALUE
)
,
"no private value"
},
...
...
crypto/dh/dh_gen.c
...
...
@@ -65,6 +65,9 @@
#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/dh.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
static
int
dh_builtin_genparams
(
DH
*
ret
,
int
prime_len
,
int
generator
,
BN_GENCB
*
cb
);
...
...
@@ -106,6 +109,20 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB
int
g
,
ok
=
-
1
;
BN_CTX
*
ctx
=
NULL
;
#ifdef OPENSSL_FIPS
if
(
FIPS_selftest_failed
())
{
FIPSerr
(
FIPS_F_DH_BUILTIN_GENPARAMS
,
FIPS_R_FIPS_SELFTEST_FAILED
);
return
0
;
}
if
(
FIPS_mode
()
&&
(
prime_len
<
OPENSSL_DH_FIPS_MIN_MODULUS_BITS
))
{
DHerr
(
DH_F_DH_BUILTIN_GENPARAMS
,
DH_R_KEY_SIZE_TOO_SMALL
);
goto
err
;
}
#endif
ctx
=
BN_CTX_new
();
if
(
ctx
==
NULL
)
goto
err
;
BN_CTX_start
(
ctx
);
...
...
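Review bot: The new key-size check in `dh_builtin_genparams` leaves through `goto err` while `ok` is still -1 and `ctx` is still NULL, whereas the self-test check directly above it leaves with `return 0`. The `err` label is outside the hunk, so this cannot be confirmed here, but if that path treats `ok == -1` as a generic failure it would queue a second error on top of `DH_R_KEY_SIZE_TOO_SMALL`, and it must also tolerate a NULL `ctx`. Using `return 0;` for the size check as well, or setting `ok = 0;` before the jump, keeps the reported reason unambiguous. The function body begins and ends outside the hunk.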
crypto/dh/dh_key.c
...
...
@@ -61,6 +61,9 @@
#include <openssl/bn.h>
#include <openssl/rand.h>
#include <openssl/dh.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
static
int
generate_key
(
DH
*
dh
);
static
int
compute_key
(
unsigned
char
*
key
,
const
BIGNUM
*
pub_key
,
DH
*
dh
);
...
...
@@ -107,6 +110,14 @@ static int generate_key(DH *dh)
BN_MONT_CTX
*
mont
=
NULL
;
BIGNUM
*
pub_key
=
NULL
,
*
priv_key
=
NULL
;
#ifdef OPENSSL_FIPS
if
(
FIPS_mode
()
&&
(
BN_num_bits
(
dh
->
p
)
<
OPENSSL_DH_FIPS_MIN_MODULUS_BITS
))
{
DHerr
(
DH_F_GENERATE_KEY
,
DH_R_KEY_SIZE_TOO_SMALL
);
return
0
;
}
#endif
ctx
=
BN_CTX_new
();
if
(
ctx
==
NULL
)
goto
err
;
...
...
@@ -185,6 +196,14 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
goto
err
;
}
#ifdef OPENSSL_FIPS
if
(
FIPS_mode
()
&&
(
BN_num_bits
(
dh
->
p
)
<
OPENSSL_DH_FIPS_MIN_MODULUS_BITS
))
{
DHerr
(
DH_F_COMPUTE_KEY
,
DH_R_KEY_SIZE_TOO_SMALL
);
goto
err
;
}
#endif
ctx
=
BN_CTX_new
();
if
(
ctx
==
NULL
)
goto
err
;
BN_CTX_start
(
ctx
);
...
...
@@ -251,6 +270,9 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
static
int
dh_init
(
DH
*
dh
)
{
#ifdef OPENSSL_FIPS
FIPS_selftest_check
();
#endif
dh
->
flags
|=
DH_FLAG_CACHE_MONT_P
;
return
(
1
);
}
...
...
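Review bot: The FIPS modulus-floor test is written out twice in this file, in `generate_key` and in `compute_key`, with a third variant on `prime_len` in dh_gen.c, and the copies already differ in how they exit (`return 0` versus `goto err`). A security limit that lives in several places is easy to update in one and miss in another. A file-local helper such as `static int dh_fips_modulus_ok(const DH *dh) { return !FIPS_mode() || BN_num_bits(dh->p) >= OPENSSL_DH_FIPS_MIN_MODULUS_BITS; }` would keep both call sites in step and leave only the `DHerr` call and the exit at each site. Both functions start and end outside their hunks, so whether `dh->p` is guaranteed non-NULL before the check in `generate_key` is not visible here and should be confirmed.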