New function DSA_dup_DH, and fixes for bugs that were found (48c843c3) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+21 −0

Original line number	Original line	Diff line number	Diff line
	@@ -4,6 +4,27 @@

	Changes between 0.9.3a and 0.9.4 [xx Aug 1999]		Changes between 0.9.3a and 0.9.4 [xx Aug 1999]

			*) New function DSA_dup_DH, which duplicates DSA parameters/keys as
			DH parameters/keys (q is lost during that conversion, but the resulting
			DH parameters contain its length).

			For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is
			much faster than DH_generate_parameters (which creates parameters
			where p = 2*q + 1), and also the smaller q makes DH computations
			much more efficient (160-bit exponentiation instead of 1024-bit
			exponentiation); so this provides a convenient way to support DHE
			ciphersuites in SSL/TLS servers (see ssl/ssltest.c). It is of
			utter importance to use
			SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
			or
			SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
			when such DH parameters are used, because otherwise small subgroup
			attacks may become possible!
			[Bodo Moeller]

			*) Avoid memory leak in i2d_DHparams.
			[Bodo Moeller]

	*) Allow the -k option to be used more than once in the enc program:		*) Allow the -k option to be used more than once in the enc program:
	this allows the same encrypted message to be read by multiple recipients.		this allows the same encrypted message to be read by multiple recipients.
	[Steve Henson]		[Steve Henson]

Makefile.org

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -180,7 +180,7 @@ all: Makefile.ssl
	(cd $$i && echo "making all in $$i..." && \		(cd $$i && echo "making all in $$i..." && \
	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) \|\| exit 1; \		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) \|\| exit 1; \
	done;		done;
	cd perl; $(PERL) Makefile.PL; make		# cd perl; $(PERL) Makefile.PL; make

	sub_all:		sub_all:
	@for i in $(DIRS) ;\		@for i in $(DIRS) ;\

STATUS

+2 −3

Original line number	Original line	Diff line number	Diff line

	OpenSSL STATUS Last modified at		OpenSSL STATUS Last modified at
	______________ $Date: 1999/08/05 00:15:15 $		______________ $Date: 1999/08/05 11:50:09 $

	DEVELOPMENT STATE		DEVELOPMENT STATE

	@@ -120,5 +120,4 @@

	WISHES		WISHES

	o Support optional q component in DH parameters to speed up		o
	SSL ciphersuites with ephemeral DH.

crypto/asn1/Makefile.ssl

+23 −18

Original line number	Original line	Diff line number	Diff line
	@@ -346,9 +346,10 @@ d2i_dhp.o: ../../include/openssl/stack.h ../cryptlib.h
	d2i_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h		d2i_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
	d2i_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h		d2i_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
	d2i_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h		d2i_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
	d2i_dsap.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h		d2i_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
	d2i_dsap.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h		d2i_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
	d2i_dsap.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h		d2i_dsap.o: ../../include/openssl/err.h ../../include/openssl/objects.h
			d2i_dsap.o: ../../include/openssl/opensslconf.h
	d2i_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h		d2i_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
	d2i_dsap.o: ../../include/openssl/stack.h ../cryptlib.h		d2i_dsap.o: ../../include/openssl/stack.h ../cryptlib.h
	d2i_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h		d2i_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
	@@ -402,17 +403,19 @@ d2i_r_pu.o: ../cryptlib.h
	d2i_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h		d2i_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
	d2i_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h		d2i_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
	d2i_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h		d2i_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
	d2i_s_pr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h		d2i_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
	d2i_s_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h		d2i_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
	d2i_s_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h		d2i_s_pr.o: ../../include/openssl/err.h ../../include/openssl/objects.h
			d2i_s_pr.o: ../../include/openssl/opensslconf.h
	d2i_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h		d2i_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
	d2i_s_pr.o: ../../include/openssl/stack.h ../cryptlib.h		d2i_s_pr.o: ../../include/openssl/stack.h ../cryptlib.h
	d2i_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h		d2i_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
	d2i_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h		d2i_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
	d2i_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h		d2i_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
	d2i_s_pu.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h		d2i_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
	d2i_s_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h		d2i_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
	d2i_s_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h		d2i_s_pu.o: ../../include/openssl/err.h ../../include/openssl/objects.h
			d2i_s_pu.o: ../../include/openssl/opensslconf.h
	d2i_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h		d2i_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
	d2i_s_pu.o: ../../include/openssl/stack.h ../cryptlib.h		d2i_s_pu.o: ../../include/openssl/stack.h ../cryptlib.h
	evp_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h		evp_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
	@@ -454,9 +457,9 @@ i2d_dhp.o: ../cryptlib.h
	i2d_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h		i2d_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
	i2d_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h		i2d_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
	i2d_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h		i2d_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
	i2d_dsap.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h		i2d_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
	i2d_dsap.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h		i2d_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
	i2d_dsap.o: ../../include/openssl/opensslconf.h		i2d_dsap.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
	i2d_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h		i2d_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
	i2d_dsap.o: ../../include/openssl/stack.h ../cryptlib.h		i2d_dsap.o: ../../include/openssl/stack.h ../cryptlib.h
	i2d_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h		i2d_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
	@@ -510,17 +513,19 @@ i2d_r_pu.o: ../cryptlib.h
	i2d_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h		i2d_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
	i2d_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h		i2d_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
	i2d_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h		i2d_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
	i2d_s_pr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h		i2d_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
	i2d_s_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h		i2d_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
	i2d_s_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h		i2d_s_pr.o: ../../include/openssl/err.h ../../include/openssl/objects.h
			i2d_s_pr.o: ../../include/openssl/opensslconf.h
	i2d_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h		i2d_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
	i2d_s_pr.o: ../../include/openssl/stack.h ../cryptlib.h		i2d_s_pr.o: ../../include/openssl/stack.h ../cryptlib.h
	i2d_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h		i2d_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
	i2d_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h		i2d_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
	i2d_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h		i2d_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
	i2d_s_pu.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h		i2d_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
	i2d_s_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h		i2d_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
	i2d_s_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h		i2d_s_pu.o: ../../include/openssl/err.h ../../include/openssl/objects.h
			i2d_s_pu.o: ../../include/openssl/opensslconf.h
	i2d_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h		i2d_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
	i2d_s_pu.o: ../../include/openssl/stack.h ../cryptlib.h		i2d_s_pu.o: ../../include/openssl/stack.h ../cryptlib.h
	n_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h		n_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h

crypto/asn1/i2d_dhp.c

+6 −1

Original line number	Original line	Diff line number	Diff line
	@@ -94,7 +94,12 @@ int i2d_DHparams(DH a, unsigned char *pp)
	}		}

	t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);		t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
	if (pp == NULL) return(t);		if (pp == NULL)
			{
			if (num[2] != NULL)
			BN_free(num[2]);
			return(t);
			}

	p= *pp;		p= *pp;
	ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);		ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);