diff options
| author | Simon L. B. Nielsen <simon@FreeBSD.org> | 2008-08-23 10:51:00 +0000 |
|---|---|---|
| committer | Simon L. B. Nielsen <simon@FreeBSD.org> | 2008-08-23 10:51:00 +0000 |
| commit | c4a78426bef17a0a7c81195c2b2399e7441f14ad (patch) | |
| tree | 596c39f00d5968b1519e8cd7f0546412b14c20f0 /crypto/dh | |
| parent | a0ddfe4e7233d81e88a86217b7653708db2720fa (diff) | |
| download | src-c4a78426bef17a0a7c81195c2b2399e7441f14ad.tar.gz src-c4a78426bef17a0a7c81195c2b2399e7441f14ad.zip | |
Flatten OpenSSL vendor tree.
Notes
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=182044
Diffstat (limited to 'crypto/dh')
| -rw-r--r-- | crypto/dh/Makefile | 133 | ||||
| -rw-r--r-- | crypto/dh/dh.h | 234 | ||||
| -rw-r--r-- | crypto/dh/dh1024.pem | 5 | ||||
| -rw-r--r-- | crypto/dh/dh192.pem | 3 | ||||
| -rw-r--r-- | crypto/dh/dh2048.pem | 16 | ||||
| -rw-r--r-- | crypto/dh/dh4096.pem | 14 | ||||
| -rw-r--r-- | crypto/dh/dh512.pem | 4 | ||||
| -rw-r--r-- | crypto/dh/dh_asn1.c | 87 | ||||
| -rw-r--r-- | crypto/dh/dh_check.c | 142 | ||||
| -rw-r--r-- | crypto/dh/dh_depr.c | 83 | ||||
| -rw-r--r-- | crypto/dh/dh_err.c | 104 | ||||
| -rw-r--r-- | crypto/dh/dh_gen.c | 175 | ||||
| -rw-r--r-- | crypto/dh/dh_key.c | 263 | ||||
| -rw-r--r-- | crypto/dh/dh_lib.c | 247 | ||||
| -rw-r--r-- | crypto/dh/dhtest.c | 226 | ||||
| -rw-r--r-- | crypto/dh/example | 50 | ||||
| -rw-r--r-- | crypto/dh/generate | 65 | ||||
| -rw-r--r-- | crypto/dh/p1024.c | 92 | ||||
| -rw-r--r-- | crypto/dh/p192.c | 80 | ||||
| -rw-r--r-- | crypto/dh/p512.c | 85 |
20 files changed, 2108 insertions, 0 deletions
diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile new file mode 100644 index 000000000000..d368e33b4ced --- /dev/null +++ b/crypto/dh/Makefile @@ -0,0 +1,133 @@ +# +# OpenSSL/crypto/dh/Makefile +# + +DIR= dh +TOP= ../.. +CC= cc +INCLUDES= -I.. -I$(TOP) -I../../include +CFLAG=-g +MAKEFILE= Makefile +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST= dhtest.c +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c +LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o + +SRC= $(LIBSRC) + +EXHEADER= dh.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +dh_asn1.o: ../../e_os.h ../../include/openssl/asn1.h +dh_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +dh_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +dh_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +dh_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +dh_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dh_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dh_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dh_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dh_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_asn1.c +dh_check.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h +dh_check.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dh_check.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h +dh_check.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dh_check.o: ../../include/openssl/opensslconf.h +dh_check.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dh_check.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dh_check.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_check.c +dh_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h +dh_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dh_depr.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h +dh_depr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dh_depr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dh_depr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +dh_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dh_depr.o: ../cryptlib.h dh_depr.c +dh_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +dh_err.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h +dh_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dh_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dh_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +dh_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dh_err.o: dh_err.c +dh_gen.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h +dh_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dh_gen.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h +dh_gen.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dh_gen.o: ../cryptlib.h dh_gen.c +dh_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h +dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h +dh_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_key.c +dh_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h +dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h +dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h +dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dh_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_lib.c diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h new file mode 100644 index 000000000000..ccdf35ae1c27 --- /dev/null +++ b/crypto/dh/dh.h @@ -0,0 +1,234 @@ +/* crypto/dh/dh.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_DH_H +#define HEADER_DH_H + +#include <openssl/e_os2.h> + +#ifdef OPENSSL_NO_DH +#error DH is disabled. +#endif + +#ifndef OPENSSL_NO_BIO +#include <openssl/bio.h> +#endif +#include <openssl/ossl_typ.h> +#ifndef OPENSSL_NO_DEPRECATED +#include <openssl/bn.h> +#endif + +#ifndef OPENSSL_DH_MAX_MODULUS_BITS +# define OPENSSL_DH_MAX_MODULUS_BITS 10000 +#endif + +#define DH_FLAG_CACHE_MONT_P 0x01 +#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH + * implementation now uses constant time + * modular exponentiation for secret exponents + * by default. This flag causes the + * faster variable sliding window method to + * be used for all exponents. + */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* Already defined in ossl_typ.h */ +/* typedef struct dh_st DH; */ +/* typedef struct dh_method DH_METHOD; */ + +struct dh_method + { + const char *name; + /* Methods here */ + int (*generate_key)(DH *dh); + int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh); + int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); /* Can be null */ + + int (*init)(DH *dh); + int (*finish)(DH *dh); + int flags; + char *app_data; + /* If this is non-NULL, it will be used to generate parameters */ + int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb); + }; + +struct dh_st + { + /* This first argument is used to pick up errors when + * a DH is passed instead of a EVP_PKEY */ + int pad; + int version; + BIGNUM *p; + BIGNUM *g; + long length; /* optional */ + BIGNUM *pub_key; /* g^x */ + BIGNUM *priv_key; /* x */ + + int flags; + BN_MONT_CTX *method_mont_p; + /* Place holders if we want to do X9.42 DH */ + BIGNUM *q; + BIGNUM *j; + unsigned char *seed; + int seedlen; + BIGNUM *counter; + + int references; + CRYPTO_EX_DATA ex_data; + const DH_METHOD *meth; + ENGINE *engine; + }; + +#define DH_GENERATOR_2 2 +/* #define DH_GENERATOR_3 3 */ +#define DH_GENERATOR_5 5 + +/* DH_check error codes */ +#define DH_CHECK_P_NOT_PRIME 0x01 +#define DH_CHECK_P_NOT_SAFE_PRIME 0x02 +#define DH_UNABLE_TO_CHECK_GENERATOR 0x04 +#define DH_NOT_SUITABLE_GENERATOR 0x08 + +/* DH_check_pub_key error codes */ +#define DH_CHECK_PUBKEY_TOO_SMALL 0x01 +#define DH_CHECK_PUBKEY_TOO_LARGE 0x02 + +/* primes p where (p-1)/2 is prime too are called "safe"; we define + this for backward compatibility: */ +#define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME + +#define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x) +#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) +#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ + (unsigned char *)(x)) +#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x) +#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) + +const DH_METHOD *DH_OpenSSL(void); + +void DH_set_default_method(const DH_METHOD *meth); +const DH_METHOD *DH_get_default_method(void); +int DH_set_method(DH *dh, const DH_METHOD *meth); +DH *DH_new_method(ENGINE *engine); + +DH * DH_new(void); +void DH_free(DH *dh); +int DH_up_ref(DH *dh); +int DH_size(const DH *dh); +int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int DH_set_ex_data(DH *d, int idx, void *arg); +void *DH_get_ex_data(DH *d, int idx); + +/* Deprecated version */ +#ifndef OPENSSL_NO_DEPRECATED +DH * DH_generate_parameters(int prime_len,int generator, + void (*callback)(int,int,void *),void *cb_arg); +#endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* New version */ +int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb); + +int DH_check(const DH *dh,int *codes); +int DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes); +int DH_generate_key(DH *dh); +int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh); +DH * d2i_DHparams(DH **a,const unsigned char **pp, long length); +int i2d_DHparams(const DH *a,unsigned char **pp); +#ifndef OPENSSL_NO_FP_API +int DHparams_print_fp(FILE *fp, const DH *x); +#endif +#ifndef OPENSSL_NO_BIO +int DHparams_print(BIO *bp, const DH *x); +#else +int DHparams_print(char *bp, const DH *x); +#endif + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_DH_strings(void); + +/* Error codes for the DH functions. */ + +/* Function codes. */ +#define DH_F_COMPUTE_KEY 102 +#define DH_F_DHPARAMS_PRINT 100 +#define DH_F_DHPARAMS_PRINT_FP 101 +#define DH_F_DH_BUILTIN_GENPARAMS 106 +#define DH_F_DH_NEW_METHOD 105 +#define DH_F_GENERATE_KEY 103 +#define DH_F_GENERATE_PARAMETERS 104 + +/* Reason codes. */ +#define DH_R_BAD_GENERATOR 101 +#define DH_R_INVALID_PUBKEY 102 +#define DH_R_MODULUS_TOO_LARGE 103 +#define DH_R_NO_PRIVATE_VALUE 100 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/crypto/dh/dh1024.pem b/crypto/dh/dh1024.pem new file mode 100644 index 000000000000..81d43f6a3eae --- /dev/null +++ b/crypto/dh/dh1024.pem @@ -0,0 +1,5 @@ +-----BEGIN DH PARAMETERS----- +MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq +/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx +/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC +-----END DH PARAMETERS----- diff --git a/crypto/dh/dh192.pem b/crypto/dh/dh192.pem new file mode 100644 index 000000000000..521c07271d0d --- /dev/null +++ b/crypto/dh/dh192.pem @@ -0,0 +1,3 @@ +-----BEGIN DH PARAMETERS----- +MB4CGQDUoLoCULb9LsYm5+/WN992xxbiLQlEuIsCAQM= +-----END DH PARAMETERS----- diff --git a/crypto/dh/dh2048.pem b/crypto/dh/dh2048.pem new file mode 100644 index 000000000000..295460f5081e --- /dev/null +++ b/crypto/dh/dh2048.pem @@ -0,0 +1,16 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEA7ZKJNYJFVcs7+6J2WmkEYb8h86tT0s0h2v94GRFS8Q7B4lW9aG9o +AFO5Imov5Jo0H2XMWTKKvbHbSe3fpxJmw/0hBHAY8H/W91hRGXKCeyKpNBgdL8sh +z22SrkO2qCnHJ6PLAMXy5fsKpFmFor2tRfCzrfnggTXu2YOzzK7q62bmqVdmufEo +pT8igNcLpvZxk5uBDvhakObMym9mX3rAEBoe8PwttggMYiiw7NuJKO4MqD1llGkW +aVM8U2ATsCun1IKHrRxynkE1/MJ86VHeYYX8GZt2YA8z+GuzylIOKcMH6JAWzMwA +Gbatw6QwizOhr9iMjZ0B26TE3X8LvW84wwIBAg== +-----END DH PARAMETERS----- +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEArtA3w73zP6Lu3EOQtwogiXt3AXXpuS6yD4BhzNS1pZFyPHk0/an5 +8ydEkPhQZHKDW+BZJxxPLANaTudWo2YT8TgtvUdN6KSgMiEi6McwqDw+SADuvW+F +SKUYFxG6VFIxyEP6xBdf+vhJxEDbRG2EYsHDRRtJ76gp9cSKTHusf2R+4AAVGqnt +gRAbNqtcOar/7FSj+Pl8G3v0Bty0LcCSpbqgYlnv6z+rErQmmC6PPvSz97TDMCok +yKpCE9hFA1zkqK3TH4FmFvGeIaXJUIBZf4mArWuBTjWFW3nmhESRUn1VK3K3x42N +a5k6c2+EhrMFiLjxuH6JZoqL0/E93FF9SwIBAg== +-----END DH PARAMETERS----- diff --git a/crypto/dh/dh4096.pem b/crypto/dh/dh4096.pem new file mode 100644 index 000000000000..390943a21dc4 --- /dev/null +++ b/crypto/dh/dh4096.pem @@ -0,0 +1,14 @@ +-----BEGIN DH PARAMETERS----- +MIICCAKCAgEA/urRnb6vkPYc/KEGXWnbCIOaKitq7ySIq9dTH7s+Ri59zs77zty7 +vfVlSe6VFTBWgYjD2XKUFmtqq6CqXMhVX5ElUDoYDpAyTH85xqNFLzFC7nKrff/H +TFKNttp22cZE9V0IPpzedPfnQkE7aUdmF9JnDyv21Z/818O93u1B4r0szdnmEvEF +bKuIxEHX+bp0ZR7RqE1AeifXGJX3d6tsd2PMAObxwwsv55RGkn50vHO4QxtTARr1 +rRUV5j3B3oPMgC7Offxx+98Xn45B1/G0Prp11anDsR1PGwtaCYipqsvMwQUSJtyE +EOQWk+yFkeMe4vWv367eEi0Sd/wnC+TSXBE3pYvpYerJ8n1MceI5GQTdarJ77OW9 +bGTHmxRsLSCM1jpLdPja5jjb4siAa6EHc4qN9c/iFKS3PQPJEnX7pXKBRs5f7AF3 +W3RIGt+G9IVNZfXaS7Z/iCpgzgvKCs0VeqN38QsJGtC1aIkwOeyjPNy2G6jJ4yqH +ovXYt/0mc00vCWeSNS1wren0pR2EiLxX0ypjjgsU1mk/Z3b/+zVf7fZSIB+nDLjb +NPtUlJCVGnAeBK1J1nG3TQicqowOXoM6ISkdaXj5GPJdXHab2+S7cqhKGv5qC7rR +jT6sx7RUr0CNTxzLI7muV2/a4tGmj0PSdXQdsZ7tw7gbXlaWT1+MM2MCAQI= +-----END DH PARAMETERS----- + diff --git a/crypto/dh/dh512.pem b/crypto/dh/dh512.pem new file mode 100644 index 000000000000..0a4d863ebe27 --- /dev/null +++ b/crypto/dh/dh512.pem @@ -0,0 +1,4 @@ +-----BEGIN DH PARAMETERS----- +MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn +a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC +-----END DH PARAMETERS----- diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c new file mode 100644 index 000000000000..769b5b68c53f --- /dev/null +++ b/crypto/dh/dh_asn1.c @@ -0,0 +1,87 @@ +/* dh_asn1.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/bn.h> +#include <openssl/dh.h> +#include <openssl/objects.h> +#include <openssl/asn1t.h> + +/* Override the default free and new methods */ +static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +{ + if(operation == ASN1_OP_NEW_PRE) { + *pval = (ASN1_VALUE *)DH_new(); + if(*pval) return 2; + return 0; + } else if(operation == ASN1_OP_FREE_PRE) { + DH_free((DH *)*pval); + *pval = NULL; + return 2; + } + return 1; +} + +ASN1_SEQUENCE_cb(DHparams, dh_cb) = { + ASN1_SIMPLE(DH, p, BIGNUM), + ASN1_SIMPLE(DH, g, BIGNUM), + ASN1_OPT(DH, length, ZLONG), +} ASN1_SEQUENCE_END_cb(DH, DHparams) + +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams) diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c new file mode 100644 index 000000000000..058aec75bcd9 --- /dev/null +++ b/crypto/dh/dh_check.c @@ -0,0 +1,142 @@ +/* crypto/dh/dh_check.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/bn.h> +#include <openssl/dh.h> + +/* Check that p is a safe prime and + * if g is 2, 3 or 5, check that is is a suitable generator + * where + * for 2, p mod 24 == 11 + * for 3, p mod 12 == 5 + * for 5, p mod 10 == 3 or 7 + * should hold. + */ + +int DH_check(const DH *dh, int *ret) + { + int ok=0; + BN_CTX *ctx=NULL; + BN_ULONG l; + BIGNUM *q=NULL; + + *ret=0; + ctx=BN_CTX_new(); + if (ctx == NULL) goto err; + q=BN_new(); + if (q == NULL) goto err; + + if (BN_is_word(dh->g,DH_GENERATOR_2)) + { + l=BN_mod_word(dh->p,24); + if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR; + } +#if 0 + else if (BN_is_word(dh->g,DH_GENERATOR_3)) + { + l=BN_mod_word(dh->p,12); + if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR; + } +#endif + else if (BN_is_word(dh->g,DH_GENERATOR_5)) + { + l=BN_mod_word(dh->p,10); + if ((l != 3) && (l != 7)) + *ret|=DH_NOT_SUITABLE_GENERATOR; + } + else + *ret|=DH_UNABLE_TO_CHECK_GENERATOR; + + if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL)) + *ret|=DH_CHECK_P_NOT_PRIME; + else + { + if (!BN_rshift1(q,dh->p)) goto err; + if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL)) + *ret|=DH_CHECK_P_NOT_SAFE_PRIME; + } + ok=1; +err: + if (ctx != NULL) BN_CTX_free(ctx); + if (q != NULL) BN_free(q); + return(ok); + } + +int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) + { + int ok=0; + BIGNUM *q=NULL; + + *ret=0; + q=BN_new(); + if (q == NULL) goto err; + BN_set_word(q,1); + if (BN_cmp(pub_key,q) <= 0) + *ret|=DH_CHECK_PUBKEY_TOO_SMALL; + BN_copy(q,dh->p); + BN_sub_word(q,1); + if (BN_cmp(pub_key,q) >= 0) + *ret|=DH_CHECK_PUBKEY_TOO_LARGE; + + ok = 1; +err: + if (q != NULL) BN_free(q); + return(ok); + } diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c new file mode 100644 index 000000000000..acc05f252c1e --- /dev/null +++ b/crypto/dh/dh_depr.c @@ -0,0 +1,83 @@ +/* crypto/dh/dh_depr.c */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +/* This file contains deprecated functions as wrappers to the new ones */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/bn.h> +#include <openssl/dh.h> + +static void *dummy=&dummy; + +#ifndef OPENSSL_NO_DEPRECATED +DH *DH_generate_parameters(int prime_len, int generator, + void (*callback)(int,int,void *), void *cb_arg) + { + BN_GENCB cb; + DH *ret=NULL; + + if((ret=DH_new()) == NULL) + return NULL; + + BN_GENCB_set_old(&cb, callback, cb_arg); + + if(DH_generate_parameters_ex(ret, prime_len, generator, &cb)) + return ret; + DH_free(ret); + return NULL; + } +#endif diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c new file mode 100644 index 000000000000..a2d8196ecbd7 --- /dev/null +++ b/crypto/dh/dh_err.c @@ -0,0 +1,104 @@ +/* crypto/dh/dh_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include <stdio.h> +#include <openssl/err.h> +#include <openssl/dh.h> + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason) + +static ERR_STRING_DATA DH_str_functs[]= + { +{ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, +{ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"}, +{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, +{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, +{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, +{ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, +{ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, +{0,NULL} + }; + +static ERR_STRING_DATA DH_str_reasons[]= + { +{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"}, +{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, +{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, +{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, +{0,NULL} + }; + +#endif + +void ERR_load_DH_strings(void) + { +#ifndef OPENSSL_NO_ERR + + if (ERR_func_error_string(DH_str_functs[0].error) == NULL) + { + ERR_load_strings(0,DH_str_functs); + ERR_load_strings(0,DH_str_reasons); + } +#endif + } diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c new file mode 100644 index 000000000000..cfd5b118681e --- /dev/null +++ b/crypto/dh/dh_gen.c @@ -0,0 +1,175 @@ +/* crypto/dh/dh_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* NB: These functions have been upgraded - the previous prototypes are in + * dh_depr.c as wrappers to these ones. + * - Geoff + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/bn.h> +#include <openssl/dh.h> + +static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); + +int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) + { + if(ret->meth->generate_params) + return ret->meth->generate_params(ret, prime_len, generator, cb); + return dh_builtin_genparams(ret, prime_len, generator, cb); + } + +/* We generate DH parameters as follows + * find a prime q which is prime_len/2 bits long. + * p=(2*q)+1 or (p-1)/2 = q + * For this case, g is a generator if + * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1. + * Since the factors of p-1 are q and 2, we just need to check + * g^2 mod p != 1 and g^q mod p != 1. + * + * Having said all that, + * there is another special case method for the generators 2, 3 and 5. + * for 2, p mod 24 == 11 + * for 3, p mod 12 == 5 <<<<< does not work for safe primes. + * for 5, p mod 10 == 3 or 7 + * + * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the + * special generators and for answering some of my questions. + * + * I've implemented the second simple method :-). + * Since DH should be using a safe prime (both p and q are prime), + * this generator function can take a very very long time to run. + */ +/* Actually there is no reason to insist that 'generator' be a generator. + * It's just as OK (and in some sense better) to use a generator of the + * order-q subgroup. + */ +static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb) + { + BIGNUM *t1,*t2; + int g,ok= -1; + BN_CTX *ctx=NULL; + + ctx=BN_CTX_new(); + if (ctx == NULL) goto err; + BN_CTX_start(ctx); + t1 = BN_CTX_get(ctx); + t2 = BN_CTX_get(ctx); + if (t1 == NULL || t2 == NULL) goto err; + + /* Make sure 'ret' has the necessary elements */ + if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err; + if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err; + + if (generator <= 1) + { + DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR); + goto err; + } + if (generator == DH_GENERATOR_2) + { + if (!BN_set_word(t1,24)) goto err; + if (!BN_set_word(t2,11)) goto err; + g=2; + } +#if 0 /* does not work for safe primes */ + else if (generator == DH_GENERATOR_3) + { + if (!BN_set_word(t1,12)) goto err; + if (!BN_set_word(t2,5)) goto err; + g=3; + } +#endif + else if (generator == DH_GENERATOR_5) + { + if (!BN_set_word(t1,10)) goto err; + if (!BN_set_word(t2,3)) goto err; + /* BN_set_word(t3,7); just have to miss + * out on these ones :-( */ + g=5; + } + else + { + /* in the general case, don't worry if 'generator' is a + * generator or not: since we are using safe primes, + * it will generate either an order-q or an order-2q group, + * which both is OK */ + if (!BN_set_word(t1,2)) goto err; + if (!BN_set_word(t2,1)) goto err; + g=generator; + } + + if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err; + if(!BN_GENCB_call(cb, 3, 0)) goto err; + if (!BN_set_word(ret->g,g)) goto err; + ok=1; +err: + if (ok == -1) + { + DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB); + ok=0; + } + + if (ctx != NULL) + { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + return ok; + } diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c new file mode 100644 index 000000000000..37a2c1bca23f --- /dev/null +++ b/crypto/dh/dh_key.c @@ -0,0 +1,263 @@ +/* crypto/dh/dh_key.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/bn.h> +#include <openssl/rand.h> +#include <openssl/dh.h> + +static int generate_key(DH *dh); +static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); +static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, + const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); +static int dh_init(DH *dh); +static int dh_finish(DH *dh); + +int DH_generate_key(DH *dh) + { + return dh->meth->generate_key(dh); + } + +int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) + { + return dh->meth->compute_key(key, pub_key, dh); + } + +static DH_METHOD dh_ossl = { +"OpenSSL DH Method", +generate_key, +compute_key, +dh_bn_mod_exp, +dh_init, +dh_finish, +0, +NULL, +NULL +}; + +const DH_METHOD *DH_OpenSSL(void) +{ + return &dh_ossl; +} + +static int generate_key(DH *dh) + { + int ok=0; + int generate_new_key=0; + unsigned l; + BN_CTX *ctx; + BN_MONT_CTX *mont=NULL; + BIGNUM *pub_key=NULL,*priv_key=NULL; + + ctx = BN_CTX_new(); + if (ctx == NULL) goto err; + + if (dh->priv_key == NULL) + { + priv_key=BN_new(); + if (priv_key == NULL) goto err; + generate_new_key=1; + } + else + priv_key=dh->priv_key; + + if (dh->pub_key == NULL) + { + pub_key=BN_new(); + if (pub_key == NULL) goto err; + } + else + pub_key=dh->pub_key; + + + if (dh->flags & DH_FLAG_CACHE_MONT_P) + { + mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, + CRYPTO_LOCK_DH, dh->p, ctx); + if (!mont) + goto err; + } + + if (generate_new_key) + { + l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ + if (!BN_rand(priv_key, l, 0, 0)) goto err; + } + + { + BIGNUM local_prk; + BIGNUM *prk; + + if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) + { + BN_init(&local_prk); + prk = &local_prk; + BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME); + } + else + prk = priv_key; + + if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err; + } + + dh->pub_key=pub_key; + dh->priv_key=priv_key; + ok=1; +err: + if (ok != 1) + DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB); + + if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key); + if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key); + BN_CTX_free(ctx); + return(ok); + } + +static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) + { + BN_CTX *ctx=NULL; + BN_MONT_CTX *mont=NULL; + BIGNUM *tmp; + int ret= -1; + int check_result; + + if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) + { + DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE); + goto err; + } + + ctx = BN_CTX_new(); + if (ctx == NULL) goto err; + BN_CTX_start(ctx); + tmp = BN_CTX_get(ctx); + + if (dh->priv_key == NULL) + { + DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); + goto err; + } + + if (dh->flags & DH_FLAG_CACHE_MONT_P) + { + mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, + CRYPTO_LOCK_DH, dh->p, ctx); + if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) + { + /* XXX */ + BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME); + } + if (!mont) + goto err; + } + + if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) + { + DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY); + goto err; + } + + if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) + { + DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB); + goto err; + } + + ret=BN_bn2bin(tmp,key); +err: + if (ctx != NULL) + { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + return(ret); + } + +static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, + const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx) + { + /* If a is only one word long and constant time is false, use the faster + * exponenentiation function. + */ + if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) + { + BN_ULONG A = a->d[0]; + return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx); + } + else + return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx); + } + + +static int dh_init(DH *dh) + { + dh->flags |= DH_FLAG_CACHE_MONT_P; + return(1); + } + +static int dh_finish(DH *dh) + { + if(dh->method_mont_p) + BN_MONT_CTX_free(dh->method_mont_p); + return(1); + } diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c new file mode 100644 index 000000000000..7aef080e7abb --- /dev/null +++ b/crypto/dh/dh_lib.c @@ -0,0 +1,247 @@ +/* crypto/dh/dh_lib.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/bn.h> +#include <openssl/dh.h> +#ifndef OPENSSL_NO_ENGINE +#include <openssl/engine.h> +#endif + +const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT; + +static const DH_METHOD *default_DH_method = NULL; + +void DH_set_default_method(const DH_METHOD *meth) + { + default_DH_method = meth; + } + +const DH_METHOD *DH_get_default_method(void) + { + if(!default_DH_method) + default_DH_method = DH_OpenSSL(); + return default_DH_method; + } + +int DH_set_method(DH *dh, const DH_METHOD *meth) + { + /* NB: The caller is specifically setting a method, so it's not up to us + * to deal with which ENGINE it comes from. */ + const DH_METHOD *mtmp; + mtmp = dh->meth; + if (mtmp->finish) mtmp->finish(dh); +#ifndef OPENSSL_NO_ENGINE + if (dh->engine) + { + ENGINE_finish(dh->engine); + dh->engine = NULL; + } +#endif + dh->meth = meth; + if (meth->init) meth->init(dh); + return 1; + } + +DH *DH_new(void) + { + return DH_new_method(NULL); + } + +DH *DH_new_method(ENGINE *engine) + { + DH *ret; + + ret=(DH *)OPENSSL_malloc(sizeof(DH)); + if (ret == NULL) + { + DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE); + return(NULL); + } + + ret->meth = DH_get_default_method(); +#ifndef OPENSSL_NO_ENGINE + if (engine) + { + if (!ENGINE_init(engine)) + { + DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); + OPENSSL_free(ret); + return NULL; + } + ret->engine = engine; + } + else + ret->engine = ENGINE_get_default_DH(); + if(ret->engine) + { + ret->meth = ENGINE_get_DH(ret->engine); + if(!ret->meth) + { + DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB); + ENGINE_finish(ret->engine); + OPENSSL_free(ret); + return NULL; + } + } +#endif + + ret->pad=0; + ret->version=0; + ret->p=NULL; + ret->g=NULL; + ret->length=0; + ret->pub_key=NULL; + ret->priv_key=NULL; + ret->q=NULL; + ret->j=NULL; + ret->seed = NULL; + ret->seedlen = 0; + ret->counter = NULL; + ret->method_mont_p=NULL; + ret->references = 1; + ret->flags=ret->meth->flags; + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) + { +#ifndef OPENSSL_NO_ENGINE + if (ret->engine) + ENGINE_finish(ret->engine); +#endif + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); + OPENSSL_free(ret); + ret=NULL; + } + return(ret); + } + +void DH_free(DH *r) + { + int i; + if(r == NULL) return; + i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH); +#ifdef REF_PRINT + REF_PRINT("DH",r); +#endif + if (i > 0) return; +#ifdef REF_CHECK + if (i < 0) + { + fprintf(stderr,"DH_free, bad reference count\n"); + abort(); + } +#endif + + if (r->meth->finish) + r->meth->finish(r); +#ifndef OPENSSL_NO_ENGINE + if (r->engine) + ENGINE_finish(r->engine); +#endif + + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); + + if (r->p != NULL) BN_clear_free(r->p); + if (r->g != NULL) BN_clear_free(r->g); + if (r->q != NULL) BN_clear_free(r->q); + if (r->j != NULL) BN_clear_free(r->j); + if (r->seed) OPENSSL_free(r->seed); + if (r->counter != NULL) BN_clear_free(r->counter); + if (r->pub_key != NULL) BN_clear_free(r->pub_key); + if (r->priv_key != NULL) BN_clear_free(r->priv_key); + OPENSSL_free(r); + } + +int DH_up_ref(DH *r) + { + int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH); +#ifdef REF_PRINT + REF_PRINT("DH",r); +#endif +#ifdef REF_CHECK + if (i < 2) + { + fprintf(stderr, "DH_up, bad reference count\n"); + abort(); + } +#endif + return ((i > 1) ? 1 : 0); + } + +int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) + { + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, + new_func, dup_func, free_func); + } + +int DH_set_ex_data(DH *d, int idx, void *arg) + { + return(CRYPTO_set_ex_data(&d->ex_data,idx,arg)); + } + +void *DH_get_ex_data(DH *d, int idx) + { + return(CRYPTO_get_ex_data(&d->ex_data,idx)); + } + +int DH_size(const DH *dh) + { + return(BN_num_bytes(dh->p)); + } diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c new file mode 100644 index 000000000000..882f5c310a79 --- /dev/null +++ b/crypto/dh/dhtest.c @@ -0,0 +1,226 @@ +/* crypto/dh/dhtest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "../e_os.h" + +#include <openssl/crypto.h> +#include <openssl/bio.h> +#include <openssl/bn.h> +#include <openssl/rand.h> +#include <openssl/err.h> + +#ifdef OPENSSL_NO_DH +int main(int argc, char *argv[]) +{ + printf("No DH support\n"); + return(0); +} +#else +#include <openssl/dh.h> + +#ifdef OPENSSL_SYS_WIN16 +#define MS_CALLBACK _far _loadds +#else +#define MS_CALLBACK +#endif + +static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg); + +static const char rnd_seed[] = "string to make the random number generator think it has entropy"; + +int main(int argc, char *argv[]) + { + BN_GENCB _cb; + DH *a; + DH *b=NULL; + char buf[12]; + unsigned char *abuf=NULL,*bbuf=NULL; + int i,alen,blen,aout,bout,ret=1; + BIO *out; + + CRYPTO_malloc_debug_init(); + CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + +#ifdef OPENSSL_SYS_WIN32 + CRYPTO_malloc_init(); +#endif + + RAND_seed(rnd_seed, sizeof rnd_seed); + + out=BIO_new(BIO_s_file()); + if (out == NULL) EXIT(1); + BIO_set_fp(out,stdout,BIO_NOCLOSE); + + BN_GENCB_set(&_cb, &cb, out); + if(((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64, + DH_GENERATOR_5, &_cb)) + goto err; + + if (!DH_check(a, &i)) goto err; + if (i & DH_CHECK_P_NOT_PRIME) + BIO_puts(out, "p value is not prime\n"); + if (i & DH_CHECK_P_NOT_SAFE_PRIME) + BIO_puts(out, "p value is not a safe prime\n"); + if (i & DH_UNABLE_TO_CHECK_GENERATOR) + BIO_puts(out, "unable to check the generator value\n"); + if (i & DH_NOT_SUITABLE_GENERATOR) + BIO_puts(out, "the g value is not a generator\n"); + + BIO_puts(out,"\np ="); + BN_print(out,a->p); + BIO_puts(out,"\ng ="); + BN_print(out,a->g); + BIO_puts(out,"\n"); + + b=DH_new(); + if (b == NULL) goto err; + + b->p=BN_dup(a->p); + b->g=BN_dup(a->g); + if ((b->p == NULL) || (b->g == NULL)) goto err; + + /* Set a to run with normal modexp and b to use constant time */ + a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME; + b->flags |= DH_FLAG_NO_EXP_CONSTTIME; + + if (!DH_generate_key(a)) goto err; + BIO_puts(out,"pri 1="); + BN_print(out,a->priv_key); + BIO_puts(out,"\npub 1="); + BN_print(out,a->pub_key); + BIO_puts(out,"\n"); + + if (!DH_generate_key(b)) goto err; + BIO_puts(out,"pri 2="); + BN_print(out,b->priv_key); + BIO_puts(out,"\npub 2="); + BN_print(out,b->pub_key); + BIO_puts(out,"\n"); + + alen=DH_size(a); + abuf=(unsigned char *)OPENSSL_malloc(alen); + aout=DH_compute_key(abuf,b->pub_key,a); + + BIO_puts(out,"key1 ="); + for (i=0; i<aout; i++) + { + sprintf(buf,"%02X",abuf[i]); + BIO_puts(out,buf); + } + BIO_puts(out,"\n"); + + blen=DH_size(b); + bbuf=(unsigned char *)OPENSSL_malloc(blen); + bout=DH_compute_key(bbuf,a->pub_key,b); + + BIO_puts(out,"key2 ="); + for (i=0; i<bout; i++) + { + sprintf(buf,"%02X",bbuf[i]); + BIO_puts(out,buf); + } + BIO_puts(out,"\n"); + if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0)) + { + fprintf(stderr,"Error in DH routines\n"); + ret=1; + } + else + ret=0; +err: + ERR_print_errors_fp(stderr); + + if (abuf != NULL) OPENSSL_free(abuf); + if (bbuf != NULL) OPENSSL_free(bbuf); + if(b != NULL) DH_free(b); + if(a != NULL) DH_free(a); + BIO_free(out); +#ifdef OPENSSL_SYS_NETWARE + if (ret) printf("ERROR: %d\n", ret); +#endif + EXIT(ret); + return(ret); + } + +static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg) + { + char c='*'; + + if (p == 0) c='.'; + if (p == 1) c='+'; + if (p == 2) c='*'; + if (p == 3) c='\n'; + BIO_write(arg->arg,&c,1); + (void)BIO_flush(arg->arg); +#ifdef LINT + p=n; +#endif + return 1; + } +#endif diff --git a/crypto/dh/example b/crypto/dh/example new file mode 100644 index 000000000000..16a33d2910f1 --- /dev/null +++ b/crypto/dh/example @@ -0,0 +1,50 @@ +From owner-cypherpunks@toad.com Mon Sep 25 10:50:51 1995 +Received: from minbne.mincom.oz.au by orb.mincom.oz.au with SMTP id AA10562 + (5.65c/IDA-1.4.4 for eay); Wed, 27 Sep 1995 19:41:55 +1000 +Received: by minbne.mincom.oz.au id AA19958 + (5.65c/IDA-1.4.4 for eay@orb.mincom.oz.au); Wed, 27 Sep 1995 19:34:59 +1000 +Received: from relay3.UU.NET by bunyip.cc.uq.oz.au with SMTP (PP); + Wed, 27 Sep 1995 19:13:05 +1000 +Received: from toad.com by relay3.UU.NET with SMTP id QQzizb16156; + Wed, 27 Sep 1995 04:48:46 -0400 +Received: by toad.com id AA07905; Tue, 26 Sep 95 06:31:45 PDT +Received: from by toad.com id AB07851; Tue, 26 Sep 95 06:31:40 PDT +Received: from servo.qualcomm.com (servo.qualcomm.com [129.46.128.14]) + by cygnus.com (8.6.12/8.6.9) with ESMTP id RAA18442 + for <cypherpunks@toad.com>; Mon, 25 Sep 1995 17:52:47 -0700 +Received: (karn@localhost) by servo.qualcomm.com (8.6.12/QC-BSD-2.5.1) + id RAA14732; Mon, 25 Sep 1995 17:50:51 -0700 +Date: Mon, 25 Sep 1995 17:50:51 -0700 +From: Phil Karn <karn@qualcomm.com> +Message-Id: <199509260050.RAA14732@servo.qualcomm.com> +To: cypherpunks@toad.com, ipsec-dev@eit.com +Subject: Primality verification needed +Sender: owner-cypherpunks@toad.com +Precedence: bulk +Status: RO +X-Status: + +Hi. I've generated a 2047-bit "strong" prime number that I would like to +use with Diffie-Hellman key exchange. I assert that not only is this number +'p' prime, but so is (p-1)/2. + +I've used the mpz_probab_prime() function in the Gnu Math Package (GMP) version +1.3.2 to test this number. This function uses the Miller-Rabin primality test. +However, to increase my confidence that this number really is a strong prime, +I'd like to ask others to confirm it with other tests. Here's the number in hex: + +72a925f760b2f954ed287f1b0953f3e6aef92e456172f9fe86fdd8822241b9c9788fbc289982743e +fbcd2ccf062b242d7a567ba8bbb40d79bca7b8e0b6c05f835a5b938d985816bc648985adcff5402a +a76756b36c845a840a1d059ce02707e19cf47af0b5a882f32315c19d1b86a56c5389c5e9bee16b65 +fde7b1a8d74a7675de9b707d4c5a4633c0290c95ff30a605aeb7ae864ff48370f13cf01d49adb9f2 +3d19a439f753ee7703cf342d87f431105c843c78ca4df639931f3458fae8a94d1687e99a76ed99d0 +ba87189f42fd31ad8262c54a8cf5914ae6c28c540d714a5f6087a171fb74f4814c6f968d72386ef3 +56a05180c3bec7ddd5ef6fe76b1f717b + +The generator, g, for this prime is 2. + +Thanks! + +Phil Karn + + diff --git a/crypto/dh/generate b/crypto/dh/generate new file mode 100644 index 000000000000..5d407231df5b --- /dev/null +++ b/crypto/dh/generate @@ -0,0 +1,65 @@ +From: stewarts@ix.netcom.com (Bill Stewart) +Newsgroups: sci.crypt +Subject: Re: Diffie-Hellman key exchange +Date: Wed, 11 Oct 1995 23:08:28 GMT +Organization: Freelance Information Architect +Lines: 32 +Message-ID: <45hir2$7l8@ixnews7.ix.netcom.com> +References: <458rhn$76m$1@mhadf.production.compuserve.com> +NNTP-Posting-Host: ix-pl4-16.ix.netcom.com +X-NETCOM-Date: Wed Oct 11 4:09:22 PM PDT 1995 +X-Newsreader: Forte Free Agent 1.0.82 + +Kent Briggs <72124.3234@CompuServe.COM> wrote: + +>I have a copy of the 1976 IEEE article describing the +>Diffie-Hellman public key exchange algorithm: y=a^x mod q. I'm +>looking for sources that give examples of secure a,q pairs and +>possible some source code that I could examine. + +q should be prime, and ideally should be a "strong prime", +which means it's of the form 2n+1 where n is also prime. +q also needs to be long enough to prevent the attacks LaMacchia and +Odlyzko described (some variant on a factoring attack which generates +a large pile of simultaneous equations and then solves them); +long enough is about the same size as factoring, so 512 bits may not +be secure enough for most applications. (The 192 bits used by +"secure NFS" was certainly not long enough.) + +a should be a generator for q, which means it needs to be +relatively prime to q-1. Usually a small prime like 2, 3 or 5 will +work. + +.... + +Date: Tue, 26 Sep 1995 13:52:36 MST +From: "Richard Schroeppel" <rcs@cs.arizona.edu> +To: karn +Cc: ho@cs.arizona.edu +Subject: random large primes + +Since your prime is really random, proving it is hard. +My personal limit on rigorously proved primes is ~350 digits. +If you really want a proof, we should talk to Francois Morain, +or the Australian group. + +If you want 2 to be a generator (mod P), then you need it +to be a non-square. If (P-1)/2 is also prime, then +non-square == primitive-root for bases << P. + +In the case at hand, this means 2 is a generator iff P = 11 (mod 24). +If you want this, you should restrict your sieve accordingly. + +3 is a generator iff P = 5 (mod 12). + +5 is a generator iff P = 3 or 7 (mod 10). + +2 is perfectly usable as a base even if it's a non-generator, since +it still covers half the space of possible residues. And an +eavesdropper can always determine the low-bit of your exponent for +a generator anyway. + +Rich rcs@cs.arizona.edu + + + diff --git a/crypto/dh/p1024.c b/crypto/dh/p1024.c new file mode 100644 index 000000000000..368ceca4eb06 --- /dev/null +++ b/crypto/dh/p1024.c @@ -0,0 +1,92 @@ +/* crypto/dh/p1024.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <openssl/bn.h> +#include <openssl/asn1.h> +#include <openssl/dh.h> +#include <openssl/pem.h> + +unsigned char data[]={0x97,0xF6,0x42,0x61,0xCA,0xB5,0x05,0xDD, + 0x28,0x28,0xE1,0x3F,0x1D,0x68,0xB6,0xD3, + 0xDB,0xD0,0xF3,0x13,0x04,0x7F,0x40,0xE8, + 0x56,0xDA,0x58,0xCB,0x13,0xB8,0xA1,0xBF, + 0x2B,0x78,0x3A,0x4C,0x6D,0x59,0xD5,0xF9, + 0x2A,0xFC,0x6C,0xFF,0x3D,0x69,0x3F,0x78, + 0xB2,0x3D,0x4F,0x31,0x60,0xA9,0x50,0x2E, + 0x3E,0xFA,0xF7,0xAB,0x5E,0x1A,0xD5,0xA6, + 0x5E,0x55,0x43,0x13,0x82,0x8D,0xA8,0x3B, + 0x9F,0xF2,0xD9,0x41,0xDE,0xE9,0x56,0x89, + 0xFA,0xDA,0xEA,0x09,0x36,0xAD,0xDF,0x19, + 0x71,0xFE,0x63,0x5B,0x20,0xAF,0x47,0x03, + 0x64,0x60,0x3C,0x2D,0xE0,0x59,0xF5,0x4B, + 0x65,0x0A,0xD8,0xFA,0x0C,0xF7,0x01,0x21, + 0xC7,0x47,0x99,0xD7,0x58,0x71,0x32,0xBE, + 0x9B,0x99,0x9B,0xB9,0xB7,0x87,0xE8,0xAB, + }; + +main() + { + DH *dh; + + dh=DH_new(); + dh->p=BN_bin2bn(data,sizeof(data),NULL); + dh->g=BN_new(); + BN_set_word(dh->g,2); + PEM_write_DHparams(stdout,dh); + } diff --git a/crypto/dh/p192.c b/crypto/dh/p192.c new file mode 100644 index 000000000000..7bdf40410eb0 --- /dev/null +++ b/crypto/dh/p192.c @@ -0,0 +1,80 @@ +/* crypto/dh/p192.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <openssl/bn.h> +#include <openssl/asn1.h> +#include <openssl/dh.h> +#include <openssl/pem.h> + +unsigned char data[]={ +0xD4,0xA0,0xBA,0x02,0x50,0xB6,0xFD,0x2E, +0xC6,0x26,0xE7,0xEF,0xD6,0x37,0xDF,0x76, +0xC7,0x16,0xE2,0x2D,0x09,0x44,0xB8,0x8B, + }; + +main() + { + DH *dh; + + dh=DH_new(); + dh->p=BN_bin2bn(data,sizeof(data),NULL); + dh->g=BN_new(); + BN_set_word(dh->g,3); + PEM_write_DHparams(stdout,dh); + } diff --git a/crypto/dh/p512.c b/crypto/dh/p512.c new file mode 100644 index 000000000000..a9b6aa83f034 --- /dev/null +++ b/crypto/dh/p512.c @@ -0,0 +1,85 @@ +/* crypto/dh/p512.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <openssl/bn.h> +#include <openssl/asn1.h> +#include <openssl/dh.h> +#include <openssl/pem.h> + +unsigned char data[]={ +0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89, +0xD0,0xE4,0xAF,0x75,0x6F,0x4C,0xCA,0x92, +0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, +0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED, +0x57,0x46,0x50,0xD3,0x69,0x99,0xDB,0x29, +0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, +0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6, +0xD8,0x00,0x3E,0x7C,0x47,0x74,0xE8,0x33, + }; + +main() + { + DH *dh; + + dh=DH_new(); + dh->p=BN_bin2bn(data,sizeof(data),NULL); + dh->g=BN_new(); + BN_set_word(dh->g,2); + PEM_write_DHparams(stdout,dh); + } |