From 15272ab4ed1e6250412fccd48200ed9eae59608f Mon Sep 17 00:00:00 2001 From: marha Date: Mon, 29 Mar 2010 17:08:02 +0000 Subject: Updated to openssl 1.0.0 --- openssl/crypto/dh/Makefile | 63 +++++- openssl/crypto/dh/dh.h | 41 ++-- openssl/crypto/dh/dh_ameth.c | 500 +++++++++++++++++++++++++++++++++++++++++++ openssl/crypto/dh/dh_asn1.c | 10 +- openssl/crypto/dh/dh_check.c | 8 +- openssl/crypto/dh/dh_err.c | 21 +- openssl/crypto/dh/dh_gen.c | 4 - openssl/crypto/dh/dh_key.c | 4 - openssl/crypto/dh/dh_pmeth.c | 254 ++++++++++++++++++++++ openssl/crypto/dh/dh_prn.c | 80 +++++++ 10 files changed, 939 insertions(+), 46 deletions(-) create mode 100644 openssl/crypto/dh/dh_ameth.c create mode 100644 openssl/crypto/dh/dh_pmeth.c create mode 100644 openssl/crypto/dh/dh_prn.c (limited to 'openssl/crypto/dh') diff --git a/openssl/crypto/dh/Makefile b/openssl/crypto/dh/Makefile index d01fa960e..f23b4f7fd 100644 --- a/openssl/crypto/dh/Makefile +++ b/openssl/crypto/dh/Makefile @@ -17,8 +17,10 @@ TEST= dhtest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c -LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o +LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c \ + dh_ameth.c dh_pmeth.c dh_prn.c +LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o \ + dh_ameth.o dh_pmeth.o dh_prn.o SRC= $(LIBSRC) @@ -33,7 +35,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -74,6 +76,21 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +dh_ameth.o: ../../e_os.h ../../include/openssl/asn1.h +dh_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +dh_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dh_ameth.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h +dh_ameth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +dh_ameth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +dh_ameth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +dh_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +dh_ameth.o: ../../include/openssl/opensslconf.h +dh_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dh_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +dh_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dh_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +dh_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h +dh_ameth.o: dh_ameth.c dh_asn1.o: ../../e_os.h ../../include/openssl/asn1.h dh_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h dh_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -129,11 +146,35 @@ dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h dh_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dh_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -dh_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -dh_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dh_lib.c +dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +dh_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dh_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dh_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +dh_lib.o: ../cryptlib.h dh_lib.c +dh_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h +dh_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +dh_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +dh_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +dh_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +dh_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +dh_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +dh_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dh_pmeth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dh_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dh_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +dh_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dh_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +dh_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h +dh_pmeth.o: dh_pmeth.c +dh_prn.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +dh_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dh_prn.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h +dh_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h +dh_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dh_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dh_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dh_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dh_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_prn.c diff --git a/openssl/crypto/dh/dh.h b/openssl/crypto/dh/dh.h index 10475ac4b..849309a48 100644 --- a/openssl/crypto/dh/dh.h +++ b/openssl/crypto/dh/dh.h @@ -77,8 +77,6 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif -#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 - #define DH_FLAG_CACHE_MONT_P 0x01 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH * implementation now uses constant time @@ -159,7 +157,6 @@ struct dh_st this for backward compatibility: */ #define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME -#define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x) #define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) #define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ @@ -167,12 +164,9 @@ struct dh_st #define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x) #define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) -const DH_METHOD *DH_OpenSSL(void); +DH *DHparams_dup(DH *); -#ifdef OPENSSL_FIPS -DH * FIPS_dh_new(void); -void FIPS_dh_free(DH *dh); -#endif +const DH_METHOD *DH_OpenSSL(void); void DH_set_default_method(const DH_METHOD *meth); const DH_METHOD *DH_get_default_method(void); @@ -212,6 +206,18 @@ int DHparams_print(BIO *bp, const DH *x); int DHparams_print(char *bp, const DH *x); #endif +#define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL) + +#define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL) + +#define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) +#define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) + + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -222,22 +228,31 @@ void ERR_load_DH_strings(void); /* Function codes. */ #define DH_F_COMPUTE_KEY 102 -#define DH_F_DHPARAMS_PRINT 100 #define DH_F_DHPARAMS_PRINT_FP 101 #define DH_F_DH_BUILTIN_GENPARAMS 106 -#define DH_F_DH_COMPUTE_KEY 107 -#define DH_F_DH_GENERATE_KEY 108 -#define DH_F_DH_GENERATE_PARAMETERS 109 #define DH_F_DH_NEW_METHOD 105 +#define DH_F_DH_PARAM_DECODE 107 +#define DH_F_DH_PRIV_DECODE 110 +#define DH_F_DH_PRIV_ENCODE 111 +#define DH_F_DH_PUB_DECODE 108 +#define DH_F_DH_PUB_ENCODE 109 +#define DH_F_DO_DH_PRINT 100 #define DH_F_GENERATE_KEY 103 #define DH_F_GENERATE_PARAMETERS 104 +#define DH_F_PKEY_DH_DERIVE 112 +#define DH_F_PKEY_DH_KEYGEN 113 /* Reason codes. */ #define DH_R_BAD_GENERATOR 101 +#define DH_R_BN_DECODE_ERROR 109 +#define DH_R_BN_ERROR 106 +#define DH_R_DECODE_ERROR 104 #define DH_R_INVALID_PUBKEY 102 -#define DH_R_KEY_SIZE_TOO_SMALL 104 +#define DH_R_KEYS_NOT_SET 108 #define DH_R_MODULUS_TOO_LARGE 103 +#define DH_R_NO_PARAMETERS_SET 107 #define DH_R_NO_PRIVATE_VALUE 100 +#define DH_R_PARAMETER_ENCODING_ERROR 105 #ifdef __cplusplus } diff --git a/openssl/crypto/dh/dh_ameth.c b/openssl/crypto/dh/dh_ameth.c new file mode 100644 index 000000000..377caf96c --- /dev/null +++ b/openssl/crypto/dh/dh_ameth.c @@ -0,0 +1,500 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "cryptlib.h" +#include +#include +#include +#include +#include "asn1_locl.h" + +static void int_dh_free(EVP_PKEY *pkey) + { + DH_free(pkey->pkey.dh); + } + +static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) + { + const unsigned char *p, *pm; + int pklen, pmlen; + int ptype; + void *pval; + ASN1_STRING *pstr; + X509_ALGOR *palg; + ASN1_INTEGER *public_key = NULL; + + DH *dh = NULL; + + if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) + return 0; + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + if (ptype != V_ASN1_SEQUENCE) + { + DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR); + goto err; + } + + pstr = pval; + pm = pstr->data; + pmlen = pstr->length; + + if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) + { + DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); + goto err; + } + + if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) + { + DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); + goto err; + } + + /* We have parameters now set public key */ + if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) + { + DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR); + goto err; + } + + ASN1_INTEGER_free(public_key); + EVP_PKEY_assign_DH(pkey, dh); + return 1; + + err: + if (public_key) + ASN1_INTEGER_free(public_key); + if (dh) + DH_free(dh); + return 0; + + } + +static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) + { + DH *dh; + void *pval = NULL; + int ptype; + unsigned char *penc = NULL; + int penclen; + ASN1_STRING *str; + ASN1_INTEGER *pub_key = NULL; + + dh=pkey->pkey.dh; + + str = ASN1_STRING_new(); + str->length = i2d_DHparams(dh, &str->data); + if (str->length <= 0) + { + DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + pval = str; + ptype = V_ASN1_SEQUENCE; + + pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL); + if (!pub_key) + goto err; + + penclen = i2d_ASN1_INTEGER(pub_key, &penc); + + ASN1_INTEGER_free(pub_key); + + if (penclen <= 0) + { + DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH), + ptype, pval, penc, penclen)) + return 1; + + err: + if (penc) + OPENSSL_free(penc); + if (pval) + ASN1_STRING_free(pval); + + return 0; + } + + +/* PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in + * that the AlgorithmIdentifier contains the paramaters, the private key + * is explcitly included and the pubkey must be recalculated. + */ + +static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) + { + const unsigned char *p, *pm; + int pklen, pmlen; + int ptype; + void *pval; + ASN1_STRING *pstr; + X509_ALGOR *palg; + ASN1_INTEGER *privkey = NULL; + + DH *dh = NULL; + + if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) + return 0; + + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + if (ptype != V_ASN1_SEQUENCE) + goto decerr; + + if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) + goto decerr; + + + pstr = pval; + pm = pstr->data; + pmlen = pstr->length; + if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) + goto decerr; + /* We have parameters now set private key */ + if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) + { + DHerr(DH_F_DH_PRIV_DECODE,DH_R_BN_ERROR); + goto dherr; + } + /* Calculate public key */ + if (!DH_generate_key(dh)) + goto dherr; + + EVP_PKEY_assign_DH(pkey, dh); + + ASN1_INTEGER_free(privkey); + + return 1; + + decerr: + DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR); + dherr: + DH_free(dh); + return 0; + } + +static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) +{ + ASN1_STRING *params = NULL; + ASN1_INTEGER *prkey = NULL; + unsigned char *dp = NULL; + int dplen; + + params = ASN1_STRING_new(); + + if (!params) + { + DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); + goto err; + } + + params->length = i2d_DHparams(pkey->pkey.dh, ¶ms->data); + if (params->length <= 0) + { + DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); + goto err; + } + params->type = V_ASN1_SEQUENCE; + + /* Get private key into integer */ + prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL); + + if (!prkey) + { + DHerr(DH_F_DH_PRIV_ENCODE,DH_R_BN_ERROR); + goto err; + } + + dplen = i2d_ASN1_INTEGER(prkey, &dp); + + ASN1_INTEGER_free(prkey); + + if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0, + V_ASN1_SEQUENCE, params, dp, dplen)) + goto err; + + return 1; + +err: + if (dp != NULL) + OPENSSL_free(dp); + if (params != NULL) + ASN1_STRING_free(params); + if (prkey != NULL) + ASN1_INTEGER_free(prkey); + return 0; +} + + +static void update_buflen(const BIGNUM *b, size_t *pbuflen) + { + size_t i; + if (!b) + return; + if (*pbuflen < (i = (size_t)BN_num_bytes(b))) + *pbuflen = i; + } + +static int dh_param_decode(EVP_PKEY *pkey, + const unsigned char **pder, int derlen) + { + DH *dh; + if (!(dh = d2i_DHparams(NULL, pder, derlen))) + { + DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB); + return 0; + } + EVP_PKEY_assign_DH(pkey, dh); + return 1; + } + +static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder) + { + return i2d_DHparams(pkey->pkey.dh, pder); + } + +static int do_dh_print(BIO *bp, const DH *x, int indent, + ASN1_PCTX *ctx, int ptype) + { + unsigned char *m=NULL; + int reason=ERR_R_BUF_LIB,ret=0; + size_t buf_len=0; + + const char *ktype = NULL; + + BIGNUM *priv_key, *pub_key; + + if (ptype == 2) + priv_key = x->priv_key; + else + priv_key = NULL; + + if (ptype > 0) + pub_key = x->pub_key; + else + pub_key = NULL; + + update_buflen(x->p, &buf_len); + + if (buf_len == 0) + { + reason = ERR_R_PASSED_NULL_PARAMETER; + goto err; + } + + update_buflen(x->g, &buf_len); + update_buflen(pub_key, &buf_len); + update_buflen(priv_key, &buf_len); + + if (ptype == 2) + ktype = "PKCS#3 DH Private-Key"; + else if (ptype == 1) + ktype = "PKCS#3 DH Public-Key"; + else + ktype = "PKCS#3 DH Parameters"; + + m= OPENSSL_malloc(buf_len+10); + if (m == NULL) + { + reason=ERR_R_MALLOC_FAILURE; + goto err; + } + + BIO_indent(bp, indent, 128); + if (BIO_printf(bp,"%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0) + goto err; + indent += 4; + + if (!ASN1_bn_print(bp,"private-key:",priv_key,m,indent)) goto err; + if (!ASN1_bn_print(bp,"public-key:",pub_key,m,indent)) goto err; + + if (!ASN1_bn_print(bp,"prime:",x->p,m,indent)) goto err; + if (!ASN1_bn_print(bp,"generator:",x->g,m,indent)) goto err; + if (x->length != 0) + { + BIO_indent(bp, indent, 128); + if (BIO_printf(bp,"recommended-private-length: %d bits\n", + (int)x->length) <= 0) goto err; + } + + + ret=1; + if (0) + { +err: + DHerr(DH_F_DO_DH_PRINT,reason); + } + if (m != NULL) OPENSSL_free(m); + return(ret); + } + +static int int_dh_size(const EVP_PKEY *pkey) + { + return(DH_size(pkey->pkey.dh)); + } + +static int dh_bits(const EVP_PKEY *pkey) + { + return BN_num_bits(pkey->pkey.dh->p); + } + +static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) + { + if ( BN_cmp(a->pkey.dh->p,b->pkey.dh->p) || + BN_cmp(a->pkey.dh->g,b->pkey.dh->g)) + return 0; + else + return 1; + } + +static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) + { + BIGNUM *a; + + if ((a=BN_dup(from->pkey.dh->p)) == NULL) + return 0; + if (to->pkey.dh->p != NULL) + BN_free(to->pkey.dh->p); + to->pkey.dh->p=a; + + if ((a=BN_dup(from->pkey.dh->g)) == NULL) + return 0; + if (to->pkey.dh->g != NULL) + BN_free(to->pkey.dh->g); + to->pkey.dh->g=a; + + return 1; + } + +static int dh_missing_parameters(const EVP_PKEY *a) + { + if (!a->pkey.dh->p || !a->pkey.dh->g) + return 1; + return 0; + } + +static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) + { + if (dh_cmp_parameters(a, b) == 0) + return 0; + if (BN_cmp(b->pkey.dh->pub_key,a->pkey.dh->pub_key) != 0) + return 0; + else + return 1; + } + +static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0); + } + +static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1); + } + +static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2); + } + +int DHparams_print(BIO *bp, const DH *x) + { + return do_dh_print(bp, x, 4, NULL, 0); + } + +const EVP_PKEY_ASN1_METHOD dh_asn1_meth = + { + EVP_PKEY_DH, + EVP_PKEY_DH, + 0, + + "DH", + "OpenSSL PKCS#3 DH method", + + dh_pub_decode, + dh_pub_encode, + dh_pub_cmp, + dh_public_print, + + dh_priv_decode, + dh_priv_encode, + dh_private_print, + + int_dh_size, + dh_bits, + + dh_param_decode, + dh_param_encode, + dh_missing_parameters, + dh_copy_parameters, + dh_cmp_parameters, + dh_param_print, + + int_dh_free, + 0 + }; + diff --git a/openssl/crypto/dh/dh_asn1.c b/openssl/crypto/dh/dh_asn1.c index 76740af2b..0b4357d60 100644 --- a/openssl/crypto/dh/dh_asn1.c +++ b/openssl/crypto/dh/dh_asn1.c @@ -3,7 +3,7 @@ * project 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,7 +64,8 @@ #include /* Override the default free and new methods */ -static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) { if(operation == ASN1_OP_NEW_PRE) { *pval = (ASN1_VALUE *)DH_new(); @@ -85,3 +86,8 @@ ASN1_SEQUENCE_cb(DHparams, dh_cb) = { } ASN1_SEQUENCE_END_cb(DH, DHparams) IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams) + +DH *DHparams_dup(DH *dh) + { + return ASN1_item_dup(ASN1_ITEM_rptr(DHparams), dh); + } diff --git a/openssl/crypto/dh/dh_check.c b/openssl/crypto/dh/dh_check.c index 316cb9221..066898174 100644 --- a/openssl/crypto/dh/dh_check.c +++ b/openssl/crypto/dh/dh_check.c @@ -70,8 +70,6 @@ * should hold. */ -#ifndef OPENSSL_FIPS - int DH_check(const DH *dh, int *ret) { int ok=0; @@ -130,11 +128,11 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) q=BN_new(); if (q == NULL) goto err; BN_set_word(q,1); - if (BN_cmp(pub_key,q) <= 0) + if (BN_cmp(pub_key,q)<=0) *ret|=DH_CHECK_PUBKEY_TOO_SMALL; BN_copy(q,dh->p); BN_sub_word(q,1); - if (BN_cmp(pub_key,q) >= 0) + if (BN_cmp(pub_key,q)>=0) *ret|=DH_CHECK_PUBKEY_TOO_LARGE; ok = 1; @@ -142,5 +140,3 @@ err: if (q != NULL) BN_free(q); return(ok); } - -#endif diff --git a/openssl/crypto/dh/dh_err.c b/openssl/crypto/dh/dh_err.c index 13263c81c..d5cf0c22a 100644 --- a/openssl/crypto/dh/dh_err.c +++ b/openssl/crypto/dh/dh_err.c @@ -1,6 +1,6 @@ /* crypto/dh/dh_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -71,25 +71,34 @@ static ERR_STRING_DATA DH_str_functs[]= { {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, -{ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"}, {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, -{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"}, -{ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"}, -{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"}, {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, +{ERR_FUNC(DH_F_DH_PARAM_DECODE), "DH_PARAM_DECODE"}, +{ERR_FUNC(DH_F_DH_PRIV_DECODE), "DH_PRIV_DECODE"}, +{ERR_FUNC(DH_F_DH_PRIV_ENCODE), "DH_PRIV_ENCODE"}, +{ERR_FUNC(DH_F_DH_PUB_DECODE), "DH_PUB_DECODE"}, +{ERR_FUNC(DH_F_DH_PUB_ENCODE), "DH_PUB_ENCODE"}, +{ERR_FUNC(DH_F_DO_DH_PRINT), "DO_DH_PRINT"}, {ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, {ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, +{ERR_FUNC(DH_F_PKEY_DH_DERIVE), "PKEY_DH_DERIVE"}, +{ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "PKEY_DH_KEYGEN"}, {0,NULL} }; static ERR_STRING_DATA DH_str_reasons[]= { {ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"}, +{ERR_REASON(DH_R_BN_DECODE_ERROR) ,"bn decode error"}, +{ERR_REASON(DH_R_BN_ERROR) ,"bn error"}, +{ERR_REASON(DH_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, -{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, +{ERR_REASON(DH_R_KEYS_NOT_SET) ,"keys not set"}, {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, +{ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"}, {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, +{ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"}, {0,NULL} }; diff --git a/openssl/crypto/dh/dh_gen.c b/openssl/crypto/dh/dh_gen.c index 999e1deb4..cfd5b1186 100644 --- a/openssl/crypto/dh/dh_gen.c +++ b/openssl/crypto/dh/dh_gen.c @@ -66,8 +66,6 @@ #include #include -#ifndef OPENSSL_FIPS - static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) @@ -175,5 +173,3 @@ err: } return ok; } - -#endif diff --git a/openssl/crypto/dh/dh_key.c b/openssl/crypto/dh/dh_key.c index 79dd33186..e7db44034 100644 --- a/openssl/crypto/dh/dh_key.c +++ b/openssl/crypto/dh/dh_key.c @@ -62,8 +62,6 @@ #include #include -#ifndef OPENSSL_FIPS - static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, @@ -263,5 +261,3 @@ static int dh_finish(DH *dh) BN_MONT_CTX_free(dh->method_mont_p); return(1); } - -#endif diff --git a/openssl/crypto/dh/dh_pmeth.c b/openssl/crypto/dh/dh_pmeth.c new file mode 100644 index 000000000..5ae72b7d4 --- /dev/null +++ b/openssl/crypto/dh/dh_pmeth.c @@ -0,0 +1,254 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "cryptlib.h" +#include +#include +#include +#include +#include +#include "evp_locl.h" + +/* DH pkey context structure */ + +typedef struct + { + /* Parameter gen parameters */ + int prime_len; + int generator; + int use_dsa; + /* Keygen callback info */ + int gentmp[2]; + /* message digest */ + } DH_PKEY_CTX; + +static int pkey_dh_init(EVP_PKEY_CTX *ctx) + { + DH_PKEY_CTX *dctx; + dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX)); + if (!dctx) + return 0; + dctx->prime_len = 1024; + dctx->generator = 2; + dctx->use_dsa = 0; + + ctx->data = dctx; + ctx->keygen_info = dctx->gentmp; + ctx->keygen_info_count = 2; + + return 1; + } + +static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) + { + DH_PKEY_CTX *dctx, *sctx; + if (!pkey_dh_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + dctx->prime_len = sctx->prime_len; + dctx->generator = sctx->generator; + dctx->use_dsa = sctx->use_dsa; + return 1; + } + +static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx) + { + DH_PKEY_CTX *dctx = ctx->data; + if (dctx) + OPENSSL_free(dctx); + } + +static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + { + DH_PKEY_CTX *dctx = ctx->data; + switch (type) + { + case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN: + if (p1 < 256) + return -2; + dctx->prime_len = p1; + return 1; + + case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR: + dctx->generator = p1; + return 1; + + case EVP_PKEY_CTRL_PEER_KEY: + /* Default behaviour is OK */ + return 1; + + default: + return -2; + + } + } + + +static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) + { + if (!strcmp(type, "dh_paramgen_prime_len")) + { + int len; + len = atoi(value); + return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len); + } + if (!strcmp(type, "dh_paramgen_generator")) + { + int len; + len = atoi(value); + return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len); + } + return -2; + } + +static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + DH *dh = NULL; + DH_PKEY_CTX *dctx = ctx->data; + BN_GENCB *pcb, cb; + int ret; + if (ctx->pkey_gencb) + { + pcb = &cb; + evp_pkey_set_cb_translate(pcb, ctx); + } + else + pcb = NULL; + dh = DH_new(); + if (!dh) + return 0; + ret = DH_generate_parameters_ex(dh, + dctx->prime_len, dctx->generator, pcb); + if (ret) + EVP_PKEY_assign_DH(pkey, dh); + else + DH_free(dh); + return ret; + } + +static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + DH *dh = NULL; + if (ctx->pkey == NULL) + { + DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET); + return 0; + } + dh = DH_new(); + if (!dh) + return 0; + EVP_PKEY_assign_DH(pkey, dh); + /* Note: if error return, pkey is freed by parent routine */ + if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) + return 0; + return DH_generate_key(pkey->pkey.dh); + } + +static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) + { + int ret; + if (!ctx->pkey || !ctx->peerkey) + { + DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET); + return 0; + } + ret = DH_compute_key(key, ctx->peerkey->pkey.dh->pub_key, + ctx->pkey->pkey.dh); + if (ret < 0) + return ret; + *keylen = ret; + return 1; + } + +const EVP_PKEY_METHOD dh_pkey_meth = + { + EVP_PKEY_DH, + EVP_PKEY_FLAG_AUTOARGLEN, + pkey_dh_init, + pkey_dh_copy, + pkey_dh_cleanup, + + 0, + pkey_dh_paramgen, + + 0, + pkey_dh_keygen, + + 0, + 0, + + 0, + 0, + + 0,0, + + 0,0,0,0, + + 0,0, + + 0,0, + + 0, + pkey_dh_derive, + + pkey_dh_ctrl, + pkey_dh_ctrl_str + + }; diff --git a/openssl/crypto/dh/dh_prn.c b/openssl/crypto/dh/dh_prn.c new file mode 100644 index 000000000..ae58c2ac8 --- /dev/null +++ b/openssl/crypto/dh/dh_prn.c @@ -0,0 +1,80 @@ +/* crypto/asn1/t_pkey.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "cryptlib.h" +#include +#include + +#ifndef OPENSSL_NO_FP_API +int DHparams_print_fp(FILE *fp, const DH *x) + { + BIO *b; + int ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=DHparams_print(b, x); + BIO_free(b); + return(ret); + } +#endif -- cgit v1.2.3