ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Added OpenSSL Diffie-Hellman code

Browse Source
This commit is contained in:
Brian Wellington
1999-09-27 15:34:06 +00:00
parent 916f55f0dd
commit 8b63ecfc36
9 changed files with 996 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/dns/sec/openssl/Makefile.in
View File

@@ -39,9 +39,10 @@ LIBS = @LIBS@
OBJS = bn_add.@O@ bn_asm.@O@ bn_comba.@O@ bn_div.@O@ \
bn_err.@O@ bn_exp.@O@ bn_exp2.@O@ bn_gcd.@O@ \
bn_lib.@O@ bn_mont.@O@ bn_mul.@O@ \
bn_prime.@O@ bn_rand.@O@ bn_recp.@O@ \
bn_prime.@O@ bn_print.@O@ bn_rand.@O@ bn_recp.@O@ \
bn_shift.@O@ bn_sqr.@O@ bn_word.@O@ buffer.@O@ \
cryptlib.@O@ dsa_asn1.@O@ dsa_err.@O@ dsa_gen.@O@ \
cryptlib.@O@ dh_err.@O@ dh_gen.@O@ dh_key.@O@ \
dh_lib.@O@ dsa_asn1.@O@ dsa_err.@O@ dsa_gen.@O@ \
dsa_key.@O@ dsa_lib.@O@ dsa_sign.@O@ dsa_vrf.@O@ \
err.@O@ lhash.@O@ md_rand.@O@ md5_dgst.@O@ mem.@O@ \
rand_lib.@O@ sha1_one.@O@ sha1dgst.@O@ stack.@O@ \
@@ -50,9 +51,10 @@ OBJS = bn_add.@O@ bn_asm.@O@ bn_comba.@O@ bn_div.@O@ \
SRCS = bn_add.c bn_asm.c bn_comba.c bn_div.c \
bn_err.c bn_exp.c bn_exp2.c bn_gcd.c \
bn_lib.c bn_mont.c bn_mul.c \
bn_prime.c bn_rand.c bn_recp.c \
bn_prime.c bn_print.c bn_rand.c bn_recp.c \
bn_shift.c bn_sqr.c bn_word.c buffer.c \
cryptlib.c dsa_asn1.c dsa_err.c dsa_gen.c \
cryptlib.c dh_err.c dh_gen.c dh_key.c dh_lib.c \
dsa_asn1.c dsa_err.c dsa_gen.c \
dsa_key.c dsa_lib.c dsa_sign.c dsa_vrf.c \
err.c lhash.c md_rand.c md5_dgst.c mem.c \
rand_lib.c sha1_one.c sha1dgst.c stack.c \

1
lib/dns/sec/openssl/bn_lcl.h
View File

@@ -233,6 +233,7 @@ extern "C" {
/* BEW */
#define OPENSSL_EXTERN extern
#define NO_BIO
OPENSSL_EXTERN int bn_limit_bits;
OPENSSL_EXTERN int bn_limit_num; /* (1<<bn_limit_bits) */

327
lib/dns/sec/openssl/bn_print.c Normal file
View File

@@ -0,0 +1,327 @@
/* crypto/bn/bn_print.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <ctype.h>
#include "cryptlib.h"
#include <openssl/buffer.h>
#include "bn_lcl.h"
static const char *Hex="0123456789ABCDEF";
/* Must 'Free' the returned data */
char *BN_bn2hex(const BIGNUM *a)
{
int i,j,v,z=0;
char *buf;
char *p;
buf=(char *)Malloc(a->top*BN_BYTES*2+2);
if (buf == NULL)
{
BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE);
goto err;
}
p=buf;
if (a->neg) *(p++)='-';
if (a->top == 0) *(p++)='0';
for (i=a->top-1; i >=0; i--)
{
for (j=BN_BITS2-8; j >= 0; j-=8)
{
/* strip leading zeros */
v=((int)(a->d[i]>>(long)j))&0xff;
if (z || (v != 0))
{
*(p++)=Hex[v>>4];
*(p++)=Hex[v&0x0f];
z=1;
}
}
}
*p='\0';
err:
return(buf);
}
#if 0
/* Must 'Free' the returned data */
char *BN_bn2dec(const BIGNUM *a)
{
int i=0,num;
char *buf=NULL;
char *p;
BIGNUM *t=NULL;
BN_ULONG *bn_data=NULL,*lp;
i=BN_num_bits(a)*3;
num=(i/10+i/1000+3)+1;
bn_data=(BN_ULONG *)Malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG));
buf=(char *)Malloc(num+3);
if ((buf == NULL) || (bn_data == NULL))
{
BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE);
goto err;
}
if ((t=BN_dup(a)) == NULL) goto err;
p=buf;
lp=bn_data;
if (t->neg) *(p++)='-';
if (t->top == 0)
{
*(p++)='0';
*(p++)='\0';
}
else
{
i=0;
while (!BN_is_zero(t))
{
*lp=BN_div_word(t,BN_DEC_CONV);
lp++;
}
lp--;
/* We now have a series of blocks, BN_DEC_NUM chars
* in length, where the last one needs trucation.
* The blocks need to be reversed in order. */
sprintf(p,BN_DEC_FMT1,*lp);
while (*p) p++;
while (lp != bn_data)
{
lp--;
sprintf(p,BN_DEC_FMT2,*lp);
while (*p) p++;
}
}
err:
if (bn_data != NULL) Free(bn_data);
if (t != NULL) BN_free(t);
return(buf);
}
#endif
int BN_hex2bn(BIGNUM **bn, const char *a)
{
BIGNUM *ret=NULL;
BN_ULONG l=0;
int neg=0,h,m,i,j,k,c;
int num;
if ((a == NULL) || (*a == '\0')) return(0);
if (*a == '-') { neg=1; a++; }
for (i=0; isxdigit((unsigned char) a[i]); i++)
;
num=i+neg;
if (bn == NULL) return(num);
/* a is the start of the hex digets, and it is 'i' long */
if (*bn == NULL)
{
if ((ret=BN_new()) == NULL) return(0);
}
else
{
ret= *bn;
BN_zero(ret);
}
/* i is the number of hex digests; */
if (bn_expand(ret,i*4) == NULL) goto err;
j=i; /* least significate 'hex' */
m=0;
h=0;
while (j > 0)
{
m=((BN_BYTES*2) <= j)?(BN_BYTES*2):j;
l=0;
for (;;)
{
c=a[j-m];
if ((c >= '0') && (c <= '9')) k=c-'0';
else if ((c >= 'a') && (c <= 'f')) k=c-'a'+10;
else if ((c >= 'A') && (c <= 'F')) k=c-'A'+10;
else k=0; /* paranoia */
l=(l<<4)|k;
if (--m <= 0)
{
ret->d[h++]=l;
break;
}
}
j-=(BN_BYTES*2);
}
ret->top=h;
bn_fix_top(ret);
ret->neg=neg;
*bn=ret;
return(num);
err:
if (*bn == NULL) BN_free(ret);
return(0);
}
#if 0
int BN_dec2bn(BIGNUM **bn, const char *a)
{
BIGNUM *ret=NULL;
BN_ULONG l=0;
int neg=0,i,j;
int num;
if ((a == NULL) || (*a == '\0')) return(0);
if (*a == '-') { neg=1; a++; }
for (i=0; isdigit((unsigned char) a[i]); i++)
;
num=i+neg;
if (bn == NULL) return(num);
/* a is the start of the digets, and it is 'i' long.
* We chop it into BN_DEC_NUM digets at a time */
if (*bn == NULL)
{
if ((ret=BN_new()) == NULL) return(0);
}
else
{
ret= *bn;
BN_zero(ret);
}
/* i is the number of digests, a bit of an over expand; */
if (bn_expand(ret,i*4) == NULL) goto err;
j=BN_DEC_NUM-(i%BN_DEC_NUM);
if (j == BN_DEC_NUM) j=0;
l=0;
while (*a)
{
l*=10;
l+= *a-'0';
a++;
if (++j == BN_DEC_NUM)
{
BN_mul_word(ret,BN_DEC_CONV);
BN_add_word(ret,l);
l=0;
j=0;
}
}
ret->neg=neg;
bn_fix_top(ret);
*bn=ret;
return(num);
err:
if (*bn == NULL) BN_free(ret);
return(0);
}
#endif
#ifndef NO_BIO
#ifndef NO_FP_API
int BN_print_fp(FILE *fp, BIGNUM *a)
{
BIO *b;
int ret;
if ((b=BIO_new(BIO_s_file())) == NULL)
return(0);
BIO_set_fp(b,fp,BIO_NOCLOSE);
ret=BN_print(b,a);
BIO_free(b);
return(ret);
}
#endif
int BN_print(BIO *bp, const BIGNUM *a)
{
int i,j,v,z=0;
int ret=0;
if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end;
if ((a->top == 0) && (BIO_write(bp,"0",1) != 1)) goto end;
for (i=a->top-1; i >=0; i--)
{
for (j=BN_BITS2-4; j >= 0; j-=4)
{
/* strip leading zeros */
v=((int)(a->d[i]>>(long)j))&0x0f;
if (z || (v != 0))
{
if (BIO_write(bp,&(Hex[v]),1) != 1)
goto end;
z=1;
}
}
}
ret=1;
end:
return(ret);
}
#endif

98
lib/dns/sec/openssl/dh_err.c Normal file
View File

@@ -0,0 +1,98 @@
/* crypto/dh/dh_err.c */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file.
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/dh.h>
/* BEGIN ERROR CODES */
#ifndef NO_ERR
static ERR_STRING_DATA DH_str_functs[]=
{
{ERR_PACK(0,DH_F_DHPARAMS_PRINT,0), "DHparams_print"},
{ERR_PACK(0,DH_F_DHPARAMS_PRINT_FP,0), "DHparams_print_fp"},
{ERR_PACK(0,DH_F_DH_COMPUTE_KEY,0), "DH_compute_key"},
{ERR_PACK(0,DH_F_DH_GENERATE_KEY,0), "DH_generate_key"},
{ERR_PACK(0,DH_F_DH_GENERATE_PARAMETERS,0), "DH_generate_parameters"},
{ERR_PACK(0,DH_F_DH_NEW,0), "DH_new"},
{0,NULL}
};
static ERR_STRING_DATA DH_str_reasons[]=
{
{DH_R_NO_PRIVATE_VALUE ,"no private value"},
{0,NULL}
};
#endif
void ERR_load_DH_strings(void)
{
static int init=1;
if (init)
{
init=0;
#ifndef NO_ERR
ERR_load_strings(ERR_LIB_DH,DH_str_functs);
ERR_load_strings(ERR_LIB_DH,DH_str_reasons);
#endif
}
}

148
lib/dns/sec/openssl/dh_gen.c Normal file
View File

@@ -0,0 +1,148 @@
/* crypto/dh/dh_gen.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/dh.h>
/* We generate DH parameters as follows
* find a prime q which is prime_len/2 bits long.
* p=(2*q)+1 or (p-1)/2 = q
* For this case, g is a generator if
* g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
* Since the factors of p-1 are q and 2, we just need to check
* g^2 mod p != 1 and g^q mod p != 1.
*
* Having said all that,
* there is another special case method for the generators 2, 3 and 5.
* for 2, p mod 24 == 11
* for 3, p mod 12 == 5 <<<<< does not work for strong primes.
* for 5, p mod 10 == 3 or 7
*
* Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
* special generators and for answering some of my questions.
*
* I've implemented the second simple method :-).
* Since DH should be using a strong prime (both p and q are prime),
* this generator function can take a very very long time to run.
*/
DH *DH_generate_parameters(int prime_len, int generator,
void (*callback)(int,int,void *), void *cb_arg)
{
BIGNUM *p=NULL,*t1,*t2;
DH *ret=NULL;
int g,ok= -1;
BN_CTX *ctx=NULL;
ret=DH_new();
if (ret == NULL) goto err;
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
t1= &(ctx->bn[0]);
t2= &(ctx->bn[1]);
ctx->tos=2;
if (generator == DH_GENERATOR_2)
{
BN_set_word(t1,24);
BN_set_word(t2,11);
g=2;
}
#ifdef undef /* does not work for strong primes */
else if (generator == DH_GENERATOR_3)
{
BN_set_word(t1,12);
BN_set_word(t2,5);
g=3;
}
#endif
else if (generator == DH_GENERATOR_5)
{
BN_set_word(t1,10);
BN_set_word(t2,3);
/* BN_set_word(t3,7); just have to miss
* out on these ones :-( */
g=5;
}
else
g=generator;
p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
if (p == NULL) goto err;
if (callback != NULL) callback(3,0,cb_arg);
ret->p=p;
ret->g=BN_new();
if (!BN_set_word(ret->g,g)) goto err;
ok=1;
err:
if (ok == -1)
{
DHerr(DH_F_DH_GENERATE_PARAMETERS,ERR_R_BN_LIB);
ok=0;
}
if (ctx != NULL) BN_CTX_free(ctx);
if (!ok && (ret != NULL))
{
DH_free(ret);
ret=NULL;
}
return(ret);
}

154
lib/dns/sec/openssl/dh_key.c Normal file
View File

@@ -0,0 +1,154 @@
/* crypto/dh/dh_key.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/rand.h>
#include <openssl/dh.h>
int DH_generate_key(DH *dh)
{
int ok=0;
unsigned int i;
BN_CTX ctx;
BN_MONT_CTX *mont;
BIGNUM *pub_key=NULL,*priv_key=NULL;
BN_CTX_init(&ctx);
if (dh->priv_key == NULL)
{
i=dh->length;
if (i == 0)
{
/* Make the number p-1 bits long */
i=BN_num_bits(dh->p)-1;
}
priv_key=BN_new();
if (priv_key == NULL) goto err;
if (!BN_rand(priv_key,i,0,0)) goto err;
}
else
priv_key=dh->priv_key;
if (dh->pub_key == NULL)
{
pub_key=BN_new();
if (pub_key == NULL) goto err;
}
else
pub_key=dh->pub_key;
if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
{
if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
dh->p,&ctx)) goto err;
}
mont=(BN_MONT_CTX *)dh->method_mont_p;
if (!BN_mod_exp_mont(pub_key,dh->g,priv_key,dh->p,&ctx,mont)) goto err;
dh->pub_key=pub_key;
dh->priv_key=priv_key;
ok=1;
err:
if (ok != 1)
DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB);
if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key);
if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
BN_CTX_free(&ctx);
return(ok);
}
int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
{
BN_CTX ctx;
BN_MONT_CTX *mont;
BIGNUM *tmp;
int ret= -1;
BN_CTX_init(&ctx);
tmp= &(ctx.bn[ctx.tos++]);
if (dh->priv_key == NULL)
{
DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
goto err;
}
if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
{
if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
dh->p,&ctx)) goto err;
}
mont=(BN_MONT_CTX *)dh->method_mont_p;
if (!BN_mod_exp_mont(tmp,pub_key,dh->priv_key,dh->p,&ctx,mont))
{
DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
goto err;
}
ret=BN_bn2bin(tmp,key);
err:
BN_CTX_free(&ctx);
return(ret);
}

103
lib/dns/sec/openssl/dh_lib.c Normal file
View File

@@ -0,0 +1,103 @@
/* crypto/dh/dh_lib.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/dh.h>
const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
DH *DH_new(void)
{
DH *ret;
ret=(DH *)Malloc(sizeof(DH));
if (ret == NULL)
{
DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE);
return(NULL);
}
ret->pad=0;
ret->version=0;
ret->p=NULL;
ret->g=NULL;
ret->length=0;
ret->pub_key=NULL;
ret->priv_key=NULL;
ret->flags=DH_FLAG_CACHE_MONT_P;
ret->method_mont_p=NULL;
return(ret);
}
void DH_free(DH *r)
{
if(r == NULL) return;
if (r->p != NULL) BN_clear_free(r->p);
if (r->g != NULL) BN_clear_free(r->g);
if (r->pub_key != NULL) BN_clear_free(r->pub_key);
if (r->priv_key != NULL) BN_clear_free(r->priv_key);
if (r->method_mont_p != NULL)
BN_MONT_CTX_free((BN_MONT_CTX *)r->method_mont_p);
Free(r);
}
int DH_size(DH *dh)
{
return(BN_num_bytes(dh->p));
}

2
lib/dns/sec/openssl/include/openssl/Makefile.in
View File

@@ -19,7 +19,7 @@ top_srcdir = @top_srcdir@
@BIND9_VERSION@
HEADERS = bio.h bn.h buffer.h crypto.h dsa.h e_os.h e_os2.h err.h \
HEADERS = bio.h bn.h buffer.h crypto.h dh.h dsa.h e_os.h e_os2.h err.h \
lhash.h md5.h opensslconf.h opensslv.h rand.h sha.h stack.h
SUBDIRS =

158
lib/dns/sec/openssl/include/openssl/dh.h Normal file
View File

@@ -0,0 +1,158 @@
/* crypto/dh/dh.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#ifndef HEADER_DH_H
#define HEADER_DH_H
#ifdef __cplusplus
extern "C" {
#endif
#ifdef NO_DH
#error DH is disabled.
#endif
#include <openssl/bn.h>
#define DH_FLAG_CACHE_MONT_P 0x01
typedef struct dh_st
{
/* This first argument is used to pick up errors when
* a DH is passed instead of a EVP_PKEY */
int pad;
int version;
BIGNUM *p;
BIGNUM *g;
int length; /* optional */
BIGNUM *pub_key; /* y */
BIGNUM *priv_key; /* x */
int flags;
char *method_mont_p;
} DH;
#define DH_GENERATOR_2 2
/* #define DH_GENERATOR_3 3 */
#define DH_GENERATOR_5 5
/* DH_check error codes */
#define DH_CHECK_P_NOT_PRIME 0x01
#define DH_CHECK_P_NOT_STRONG_PRIME 0x02
#define DH_UNABLE_TO_CHECK_GENERATOR 0x04
#define DH_NOT_SUITABLE_GENERATOR 0x08
#define DHparams_dup(x) (DH *)ASN1_dup((int (*)())i2d_DHparams, \
(char *(*)())d2i_DHparams,(char *)(x))
#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
(char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
(unsigned char *)(x))
#define d2i_DHparams_bio(bp,x) (DH *)ASN1_d2i_bio((char *(*)())DH_new, \
(char *(*)())d2i_DHparams,(bp),(unsigned char **)(x))
#ifdef __cplusplus
#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio((int (*)())i2d_DHparams,(bp), \
(unsigned char *)(x))
#else
#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio(i2d_DHparams,(bp), \
(unsigned char *)(x))
#endif
DH * DH_new(void);
void DH_free(DH *dh);
int DH_size(DH *dh);
DH * DH_generate_parameters(int prime_len,int generator,
void (*callback)(int,int,void *),void *cb_arg);
int DH_check(DH *dh,int *codes);
int DH_generate_key(DH *dh);
int DH_compute_key(unsigned char *key,BIGNUM *pub_key,DH *dh);
DH * d2i_DHparams(DH **a,unsigned char **pp, long length);
int i2d_DHparams(DH *a,unsigned char **pp);
#ifndef NO_FP_API
int DHparams_print_fp(FILE *fp, DH *x);
#endif
#ifdef HEADER_BIO_H
int DHparams_print(BIO *bp, DH *x);
#else
int DHparams_print(char *bp, DH *x);
#endif
void ERR_load_DH_strings(void );
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
/* Error codes for the DH functions. */
/* Function codes. */
#define DH_F_DHPARAMS_PRINT 100
#define DH_F_DHPARAMS_PRINT_FP 101
#define DH_F_DH_COMPUTE_KEY 102
#define DH_F_DH_GENERATE_KEY 103
#define DH_F_DH_GENERATE_PARAMETERS 104
#define DH_F_DH_NEW 105
/* Reason codes. */
#define DH_R_NO_PRIVATE_VALUE 100
#ifdef __cplusplus
}
#endif
#endif