while implementing and using it.
Changes between 0.9.3a and 0.9.4 [xx Aug 1999]
+ *) New function DSA_dup_DH, which duplicates DSA parameters/keys as
+ DH parameters/keys (q is lost during that conversion, but the resulting
+ DH parameters contain its length).
+
+ For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is
+ much faster than DH_generate_parameters (which creates parameters
+ where p = 2*q + 1), and also the smaller q makes DH computations
+ much more efficient (160-bit exponentiation instead of 1024-bit
+ exponentiation); so this provides a convenient way to support DHE
+ ciphersuites in SSL/TLS servers (see ssl/ssltest.c). It is of
+ utter importance to use
+ SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+ or
+ SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+ when such DH parameters are used, because otherwise small subgroup
+ attacks may become possible!
+ [Bodo Moeller]
+
+ *) Avoid memory leak in i2d_DHparams.
+ [Bodo Moeller]
+
*) Allow the -k option to be used more than once in the enc program:
this allows the same encrypted message to be read by multiple recipients.
[Steve Henson]
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
done;
- cd perl; $(PERL) Makefile.PL; make
+ # cd perl; $(PERL) Makefile.PL; make
sub_all:
@for i in $(DIRS) ;\
OpenSSL STATUS Last modified at
- ______________ $Date: 1999/08/05 00:15:15 $
+ ______________ $Date: 1999/08/05 11:50:09 $
DEVELOPMENT STATE
WISHES
- o Support optional q component in DH parameters to speed up
- SSL ciphersuites with ephemeral DH.
+ o
d2i_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
d2i_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
d2i_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_dsap.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-d2i_dsap.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-d2i_dsap.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_dsap.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+d2i_dsap.o: ../../include/openssl/opensslconf.h
d2i_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
d2i_dsap.o: ../../include/openssl/stack.h ../cryptlib.h
d2i_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
d2i_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
d2i_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
d2i_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_s_pr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-d2i_s_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-d2i_s_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_s_pr.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+d2i_s_pr.o: ../../include/openssl/opensslconf.h
d2i_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
d2i_s_pr.o: ../../include/openssl/stack.h ../cryptlib.h
d2i_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
d2i_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
d2i_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-d2i_s_pu.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-d2i_s_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-d2i_s_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+d2i_s_pu.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+d2i_s_pu.o: ../../include/openssl/opensslconf.h
d2i_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
d2i_s_pu.o: ../../include/openssl/stack.h ../cryptlib.h
evp_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
i2d_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
i2d_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
i2d_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_dsap.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-i2d_dsap.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-i2d_dsap.o: ../../include/openssl/opensslconf.h
+i2d_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_dsap.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
i2d_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
i2d_dsap.o: ../../include/openssl/stack.h ../cryptlib.h
i2d_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
i2d_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
i2d_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
i2d_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_s_pr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-i2d_s_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-i2d_s_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_s_pr.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+i2d_s_pr.o: ../../include/openssl/opensslconf.h
i2d_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
i2d_s_pr.o: ../../include/openssl/stack.h ../cryptlib.h
i2d_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
i2d_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
i2d_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_s_pu.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-i2d_s_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-i2d_s_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+i2d_s_pu.o: ../../include/openssl/err.h ../../include/openssl/objects.h
+i2d_s_pu.o: ../../include/openssl/opensslconf.h
i2d_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
i2d_s_pu.o: ../../include/openssl/stack.h ../cryptlib.h
n_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
}
t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
- if (pp == NULL) return(t);
+ if (pp == NULL)
+ {
+ if (num[2] != NULL)
+ BN_free(num[2]);
+ return(t);
+ }
p= *pp;
ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
BN_CTX *ctx=NULL;
ret=DH_new();
+ if (ret == NULL) goto err;
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
t1= &(ctx->bn[0]);
dsa_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
dsa_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_asn1.o: ../../include/openssl/opensslconf.h
+dsa_asn1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_asn1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
dsa_asn1.o: ../../include/openssl/stack.h ../cryptlib.h
-dsa_err.o: ../../include/openssl/bn.h ../../include/openssl/dsa.h
-dsa_err.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_err.o: ../../include/openssl/bn.h ../../include/openssl/dh.h
+dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/err.h
+dsa_err.o: ../../include/openssl/opensslconf.h
dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_gen.o: ../../include/openssl/rand.h ../../include/openssl/sha.h
-dsa_gen.o: ../../include/openssl/stack.h ../cryptlib.h
+dsa_gen.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_gen.o: ../cryptlib.h
dsa_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/sha.h
-dsa_key.o: ../../include/openssl/stack.h ../cryptlib.h
+dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_key.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_key.o: ../cryptlib.h
dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
-dsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-dsa_lib.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
-dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-dsa_lib.o: ../../include/openssl/stack.h ../cryptlib.h
+dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_lib.o: ../cryptlib.h
dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
-dsa_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
-dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_sign.o: ../../include/openssl/opensslconf.h
dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
dsa_sign.o: ../cryptlib.h
dsa_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
-dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-dsa_vrf.o: ../../include/openssl/stack.h ../cryptlib.h
+dsa_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_vrf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+dsa_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_vrf.o: ../cryptlib.h
#endif
#include <openssl/bn.h>
+#ifndef NO_DH
+# include <openssl/dh.h>
+#endif
#define DSA_FLAG_CACHE_MONT_P 0x01
int DSA_is_prime(BIGNUM *q,void (*callback)(),char *cb_arg);
+#ifndef NO_DH
+/* Convert DSA structure (key or just parameters) into DH structure
+ * (be careful to avoid small subgroup attacks when using this!) */
+DH *DSA_dup_DH(DSA *r);
+#endif
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
return(ret);
}
+#ifndef NO_DH
+DH *DSA_dup_DH(DSA *r)
+ {
+ /* DSA has p, q, g, optional pub_key, optional priv_key.
+ * DH has p, optional length, g, optional pub_key, optional priv_key.
+ */
+
+ DH *ret;
+
+ if (r == NULL)
+ goto err;
+ ret = DH_new();
+ if (ret == NULL)
+ goto err;
+ if (r->p != NULL)
+ if ((ret->p = BN_dup(r->p)) == NULL)
+ goto err;
+ if (r->q != NULL)
+ ret->length = BN_num_bits(r->q);
+ if (r->g != NULL)
+ if ((ret->g = BN_dup(r->g)) == NULL)
+ goto err;
+ if (r->pub_key != NULL)
+ if ((ret->pub_key = BN_dup(r->pub_key)) == NULL)
+ goto err;
+ if (r->priv_key != NULL)
+ if ((ret->priv_key = BN_dup(r->priv_key)) == NULL)
+ goto err;
+
+ return ret;
+
+ err:
+ if (ret != NULL)
+ DH_free(ret);
+ return NULL;
+ }
+#endif
fprintf(stderr," -reuse - use session-id reuse\n");
fprintf(stderr," -num <val> - number of connections to perform\n");
fprintf(stderr," -bytes <val> - number of bytes to swap between client/server\n");
+#if !defined NO_DH && !defined NO_DSA
+ fprintf(stderr," -dhe1024 - generate 1024 bit key for DHE\n");
+#endif
#ifndef NO_SSL2
fprintf(stderr," -ssl2 - use SSLv2\n");
#endif
int number=1,reuse=0;
long bytes=1L;
SSL_CIPHER *ciph;
+ int dhe1024 = 0;
#ifndef NO_DH
DH *dh;
#endif
debug=1;
else if (strcmp(*argv,"-reuse") == 0)
reuse=1;
+ else if (strcmp(*argv,"-dhe1024") == 0)
+ dhe1024=1;
else if (strcmp(*argv,"-ssl2") == 0)
ssl2=1;
else if (strcmp(*argv,"-tls1") == 0)
}
#ifndef NO_DH
- dh=get_dh512();
+# ifndef NO_DSA
+ if (dhe1024)
+ {
+ DSA *dsa;
+
+ if (verbose)
+ {
+ fprintf(stdout, "Creating 1024 bit DHE parameters ...");
+ fflush(stdout);
+ }
+
+ dsa = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL);
+ dh = DSA_dup_DH(dsa);
+ DSA_free(dsa);
+ /* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
+ SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+
+ if (verbose)
+ fprintf(stdout, " done\n");
+ }
+ else
+# endif
+ dh=get_dh512();
SSL_CTX_set_tmp_dh(s_ctx,dh);
DH_free(dh);
#endif
dhtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
dhtest.o: ../include/openssl/stack.h
dsatest.o: ../include/openssl/bio.h ../include/openssl/bn.h
-dsatest.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-dsatest.o: ../include/openssl/err.h ../include/openssl/opensslconf.h
-dsatest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
-dsatest.o: ../include/openssl/stack.h
+dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+dsatest.o: ../include/openssl/dsa.h ../include/openssl/err.h
+dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dsatest.o: ../include/openssl/rand.h ../include/openssl/stack.h
exptest.o: ../include/openssl/bio.h ../include/openssl/bn.h
exptest.o: ../include/openssl/crypto.h ../include/openssl/err.h
exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
projects / thirdparty / openssl.git / commitdiff
