New '-dsaparam' option for 'openssl dhparam', and related fixes.

diff --git a/CHANGES b/CHANGES
index 8265c8826e101a444e1c44745bf0e9cf22e773b1..ed0156342be0bff7f0b4f10aa71b727b5f1f1564 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,15 @@
 
  Changes between 0.9.5 and 0.9.6  [XX XXX 2000]
 
 
  Changes between 0.9.5 and 0.9.6  [XX XXX 2000]
 

+  *) Add '-dsaparam' option to 'openssl dhparam' application.  This
+     converts DSA parameters into DH parameters. (When creating parameters,
+     DSA_generate_parameters is used.)
+     [Bodo Moeller]
+
+  *) Include 'length' (recommended exponent length) in C code generated
+     by 'openssl dhparam -C'.
+     [Bodo Moeller]
+

   *) The second argument to set_label in perlasm was already being used
      so couldn't be used as a "file scope" flag. Moved to third argument
      which was free.
   *) The second argument to set_label in perlasm was already being used
      so couldn't be used as a "file scope" flag. Moved to third argument
      which was free.

diff --git a/apps/app_rand.c b/apps/app_rand.c
index 64531df8123d3dd376a074c6f21e2a59fa1c1876..9dc32f99a214a3a47cd236cede69c3f968c6fa74 100644 (file)
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
  * [including the GNU Public Licence.]
  */
 /* ====================================================================

- * Copyright (c) 1998-1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.

  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

diff --git a/apps/dh.c b/apps/dh.c
index b3c20e2b5c1dbdcdb88bef974c84794d65b2da90..674963f81a901ad98c80d493f41748596f433345 100644 (file)
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -1,4 +1,5 @@
 /* apps/dh.c */
 /* apps/dh.c */

+/* obsoleted by dhparam.c */

 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *


@@ -234,8 +235,8 @@ bad:
                        }
                if (i & DH_CHECK_P_NOT_PRIME)
                        printf("p value is not prime\n");
                        }
                if (i & DH_CHECK_P_NOT_PRIME)
                        printf("p value is not prime\n");

-               if (i & DH_CHECK_P_NOT_STRONG_PRIME)
-                       printf("p value is not a strong prime\n");
+               if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+                       printf("p value is not a safe prime\n");

                if (i & DH_UNABLE_TO_CHECK_GENERATOR)
                        printf("unable to check the generator value\n");
                if (i & DH_NOT_SUITABLE_GENERATOR)
                if (i & DH_UNABLE_TO_CHECK_GENERATOR)
                        printf("unable to check the generator value\n");
                if (i & DH_NOT_SUITABLE_GENERATOR)

diff --git a/apps/dhparam.c b/apps/dhparam.c
index dd9228aac8d8ff8a0f7110893890c96e95420357..b401789a1bc0bed47b0ce895782a42a87392dcd9 100644 (file)
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -55,6 +55,59 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */

+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */

 
 #ifndef NO_DH
 #include <stdio.h>
 
 #ifndef NO_DH
 #include <stdio.h>


@@ -69,6 +122,10 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 

+#ifndef NO_DSA
+#include <openssl/dsa.h>
+#endif
+

 #undef PROG
 #define PROG   dhparam_main
 
 #undef PROG
 #define PROG   dhparam_main
 


@@ -78,6 +135,7 @@
  * -outform arg - output format - default PEM
  * -in arg     - input file - default stdin
  * -out arg    - output file - default stdout
  * -outform arg - output format - default PEM
  * -in arg     - input file - default stdin
  * -out arg    - output file - default stdout

+ * -dsaparam  - read or generate DSA parameters, convert to DH

  * -check      - check the parameters are ok
  * -noout
  * -text
  * -check      - check the parameters are ok
  * -noout
  * -text


@@ -92,6 +150,9 @@ int MAIN(int argc, char **argv)
        {
        DH *dh=NULL;
        int i,badops=0,text=0;
        {
        DH *dh=NULL;
        int i,badops=0,text=0;

+#ifndef NO_DSA
+       int dsaparam=0;
+#endif

        BIO *in=NULL,*out=NULL;
        int informat,outformat,check=0,noout=0,C=0,ret=1;
        char *infile,*outfile,*prog;
        BIO *in=NULL,*out=NULL;
        int informat,outformat,check=0,noout=0,C=0,ret=1;
        char *infile,*outfile,*prog;


@@ -138,6 +199,10 @@ int MAIN(int argc, char **argv)
                        check=1;
                else if (strcmp(*argv,"-text") == 0)
                        text=1;
                        check=1;
                else if (strcmp(*argv,"-text") == 0)
                        text=1;

+#ifndef NO_DSA
+               else if (strcmp(*argv,"-dsaparam") == 0)
+                       dsaparam=1;
+#endif

                else if (strcmp(*argv,"-C") == 0)
                        C=1;
                else if (strcmp(*argv,"-noout") == 0)
                else if (strcmp(*argv,"-C") == 0)
                        C=1;
                else if (strcmp(*argv,"-noout") == 0)


@@ -166,6 +231,9 @@ bad:
                BIO_printf(bio_err," -outform arg  output format - one of DER PEM\n");
                BIO_printf(bio_err," -in arg       input file\n");
                BIO_printf(bio_err," -out arg      output file\n");
                BIO_printf(bio_err," -outform arg  output format - one of DER PEM\n");
                BIO_printf(bio_err," -in arg       input file\n");
                BIO_printf(bio_err," -out arg      output file\n");

+#ifndef NO_DSA
+               BIO_printf(bio_err," -dsaparam     read or generate DSA parameters, convert to DH\n");
+#endif

                BIO_printf(bio_err," -check        check the DH parameters\n");
                BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
                BIO_printf(bio_err," -C            Output C code\n");
                BIO_printf(bio_err," -check        check the DH parameters\n");
                BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
                BIO_printf(bio_err," -C            Output C code\n");


@@ -181,8 +249,25 @@ bad:
 
        ERR_load_crypto_strings();
 
 
        ERR_load_crypto_strings();
 

-       if(g && !num) num = DEFBITS;
-       else if(num && !g) g = 2;
+       if (g && !num)
+               num = DEFBITS;
+
+#ifndef NO_DSA
+       if (dsaparam)
+               {
+               if (g)
+                       {
+                       BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n");
+                       goto end;
+                       }
+               }
+       else
+#endif
+               {
+               /* DH parameters */
+               if (num && !g)
+                       g = 2;
+               }

 
        if(num) {
 
 
        if(num) {
 


@@ -194,11 +279,40 @@ bad:
                        BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
                                app_RAND_load_files(inrand));
 
                        BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
                                app_RAND_load_files(inrand));
 

-               BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g);
-               BIO_printf(bio_err,"This is going to take a long time\n");
-               dh=DH_generate_parameters(num,g,dh_cb,bio_err);
+#ifndef NO_DSA
+               if (dsaparam)
+                       {
+                       DSA *dsa;
+                       
+                       BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
+               dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, bio_err);
+                       if (dsa == NULL)
+                               {
+                               ERR_print_errors(bio_err);
+                               goto end;
+                               }
+
+                       dh = DSA_dup_DH(dsa);
+                       DSA_free(dsa);
+                       if (dh == NULL)
+                               {
+                               ERR_print_errors(bio_err);
+                               goto end;
+                               }
+                       }
+               else
+#endif
+                       {
+                       BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
+                       BIO_printf(bio_err,"This is going to take a long time\n");
+                       dh=DH_generate_parameters(num,g,dh_cb,bio_err);

                        
                        

-               if (dh == NULL) goto end;
+                       if (dh == NULL)
+                               {
+                               ERR_print_errors(bio_err);
+                               goto end;
+                               }
+                       }

 
                app_RAND_write_file(NULL, bio_err);
        } else {
 
                app_RAND_write_file(NULL, bio_err);
        } else {


@@ -220,24 +334,56 @@ bad:
                                }
                        }
 
                                }
                        }
 

-               if      (informat == FORMAT_ASN1)
-                       dh=d2i_DHparams_bio(in,NULL);
-               else if (informat == FORMAT_PEM)
-                       dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
-               else
+               if      (informat != FORMAT_ASN1 && informat != FORMAT_PEM)

                        {
                        BIO_printf(bio_err,"bad input format specified\n");
                        goto end;
                        }
                        {
                        BIO_printf(bio_err,"bad input format specified\n");
                        goto end;
                        }

-               if (dh == NULL)
+
+#ifndef NO_DSA
+               if (dsaparam)

                        {
                        {

-                       BIO_printf(bio_err,"unable to load DH parameters\n");
-                       ERR_print_errors(bio_err);
-                       goto end;
+                       DSA *dsa;
+                       
+                       if (informat == FORMAT_ASN1)
+                               dsa=d2i_DSAparams_bio(in,NULL);
+                       else /* informat == FORMAT_PEM */
+                               dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
+                       
+                       if (dsa == NULL)
+                               {
+                               BIO_printf(bio_err,"unable to load DSA parameters\n");
+                               ERR_print_errors(bio_err);
+                               goto end;
+                               }
+                       
+                       dh = DSA_dup_DH(dsa);
+                       DSA_free(dsa);
+                       if (dh == NULL)
+                               {
+                               ERR_print_errors(bio_err);
+                               goto end;
+                               }

                        }
                        }

-
+               else
+#endif
+                       {
+                       if (informat == FORMAT_ASN1)
+                               dh=d2i_DHparams_bio(in,NULL);
+                       else /* informat == FORMAT_PEM */
+                               dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
+                       
+                       if (dh == NULL)
+                               {
+                               BIO_printf(bio_err,"unable to load DH parameters\n");
+                               ERR_print_errors(bio_err);
+                               goto end;
+                               }
+                       }
+               
+               /* dh != NULL */

        }
        }

-
+       

        out=BIO_new(BIO_s_file());
        if (out == NULL)
                {
        out=BIO_new(BIO_s_file());
        if (out == NULL)
                {


@@ -255,7 +401,6 @@ bad:
                        }
                }
 
                        }
                }
 

-       

 
        if (text)
                {
 
        if (text)
                {


@@ -271,8 +416,8 @@ bad:
                        }
                if (i & DH_CHECK_P_NOT_PRIME)
                        printf("p value is not prime\n");
                        }
                if (i & DH_CHECK_P_NOT_PRIME)
                        printf("p value is not prime\n");

-               if (i & DH_CHECK_P_NOT_STRONG_PRIME)
-                       printf("p value is not a strong prime\n");
+               if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+                       printf("p value is not a safe prime\n");

                if (i & DH_UNABLE_TO_CHECK_GENERATOR)
                        printf("unable to check the generator value\n");
                if (i & DH_NOT_SUITABLE_GENERATOR)
                if (i & DH_UNABLE_TO_CHECK_GENERATOR)
                        printf("unable to check the generator value\n");
                if (i & DH_NOT_SUITABLE_GENERATOR)


@@ -320,6 +465,8 @@ bad:
                        bits,bits);
                printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
                printf("\t\treturn(NULL);\n");
                        bits,bits);
                printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
                printf("\t\treturn(NULL);\n");

+               if (dh->length)
+                       printf("\tdh->length = %d\n", dh->length);

                printf("\treturn(dh);\n\t}\n");
                Free(data);
                }
                printf("\treturn(dh);\n\t}\n");
                Free(data);
                }


@@ -350,6 +497,7 @@ end:
        EXIT(ret);
        }
 
        EXIT(ret);
        }
 

+/* dh_cb is identical to dsa_cb in apps/dsaparam.c */

 static void MS_CALLBACK dh_cb(int p, int n, void *arg)
        {
        char c='*';
 static void MS_CALLBACK dh_cb(int p, int n, void *arg)
        {
        char c='*';

diff --git a/apps/gendh.c b/apps/gendh.c
index acd799cea1c3c7588514d245cae087a9c5fc5823..caf5e8d736bd69545dc41b1e49d85a6d8f12acd9 100644 (file)
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -1,4 +1,5 @@
 /* apps/gendh.c */
 /* apps/gendh.c */

+/* obsoleted by dhparam.c */

 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *


@@ -159,7 +160,7 @@ bad:
                BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
                        app_RAND_load_files(inrand));
 
                BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
                        app_RAND_load_files(inrand));
 

-       BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g);
+       BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);

        BIO_printf(bio_err,"This is going to take a long time\n");
        dh=DH_generate_parameters(num,g,dh_cb,bio_err);
                
        BIO_printf(bio_err,"This is going to take a long time\n");
        dh=DH_generate_parameters(num,g,dh_cb,bio_err);
                

diff --git a/doc/apps/dhparam.pod b/doc/apps/dhparam.pod
index 6b237ec05a99c1e309a71236e8ab74baf1cfaa51..15aabf4ac8a6c5e7b6430538301be05faa9da784 100644 (file)
--- a/doc/apps/dhparam.pod
+++ b/doc/apps/dhparam.pod
@@ -6,18 +6,19 @@ dhparam - DH parameter manipulation and generation
 
 =head1 SYNOPSIS
 
 
 =head1 SYNOPSIS
 

-B<openssl dh>
+B<openssl dhparam>

 [B<-inform DER|PEM>]
 [B<-outform DER|PEM>]
 [B<-inform DER|PEM>]
 [B<-outform DER|PEM>]

-[B<-in filename>]
-[B<-out filename>]
+[B<-in> I<filename>]
+[B<-out> I<filename>]
+[B<-dsaparam>]

 [B<-noout>]
 [B<-text>]
 [B<-C>]
 [B<-2>]
 [B<-5>]
 [B<-noout>]
 [B<-text>]
 [B<-C>]
 [B<-2>]
 [B<-5>]

-[B<-rand file(s)>]
-[numbits]
+[B<-rand> I<file(s)>]
+[I<numbits>]

 
 =head1 DESCRIPTION
 
 
 =head1 DESCRIPTION
 


@@ -39,23 +40,35 @@ additional header and footer lines.
 This specifies the output format, the options have the same meaning as the 
 B<-inform> option.
 
 This specifies the output format, the options have the same meaning as the 
 B<-inform> option.
 

-=item B<-in filename>
+=item B<-in> I<filename>

 
 This specifies the input filename to read parameters from or standard input if
 this option is not specified.
 
 
 This specifies the input filename to read parameters from or standard input if
 this option is not specified.
 

-=item B<-out filename>
+=item B<-out> I<filename>

 
 This specifies the output filename parameters to. Standard output is used
 if this option is not present. The output filename should B<not> be the same
 as the input filename.
 
 
 This specifies the output filename parameters to. Standard output is used
 if this option is not present. The output filename should B<not> be the same
 as the input filename.
 

+=item B<-dsaparam>
+
+If this option is used, DSA rather than DH parameters are read or created;
+they are converted to DH format.  Otherwise, "strong" primes (such
+that (p-1)/2 is also prime) will be used for DH parameter generation.
+
+DH parameter generation with the B<-dsaparam> option is much faster,
+and the recommended exponent length is shorter, which makes DH key
+exchange more efficient.  Beware that with such DSA-style DH
+parameters, a fresh DH key should be created for each use to
+avoid small-subgroup attacks that may be possible otherwise.
+

 =item B<-2>, B<-5>
 
 The generator to use, either 2 or 5. 2 is the default. If present then the
 input file is ignored and parameters are generated instead.
 
 =item B<-2>, B<-5>
 
 The generator to use, either 2 or 5. 2 is the default. If present then the
 input file is ignored and parameters are generated instead.
 

-=item B<-rand file(s)>
+=item B<-rand> I<file(s)>

 
 a file or files containing random data used to seed the random number
 generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
 
 a file or files containing random data used to seed the random number
 generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).


@@ -63,10 +76,10 @@ Multiple files can be specified separated by a OS-dependent character.
 The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
 all others.
 
 The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
 all others.
 

-=item B<numbits>
+=item I<numbits>

 
 this option specifies that a parameter set should be generated of size
 
 this option specifies that a parameter set should be generated of size

-B<numbits>. It must be the last option. If not present then a value of 512
+I<numbits>. It must be the last option. If not present then a value of 512

 is used. If this option is present then the input file is ignored and 
 parameters are generated instead.
 
 is used. If this option is present then the input file is ignored and 
 parameters are generated instead.
 


@@ -81,7 +94,7 @@ this option prints out the DH parameters in human readable form.
 =item B<-C>
 
 this option converts the parameters into C code. The parameters can then
 =item B<-C>
 
 this option converts the parameters into C code. The parameters can then

-be loaded by calling the B<get_dhXXX()> function.
+be loaded by calling the B<get_dh>I<numbits>B<()> function.

 
 =back
 
 
 =back
 


@@ -112,4 +125,9 @@ There should be a way to generate and manipulate DH keys.
 
 L<dsaparam(1)|dsaparam(1)>
 
 
 L<dsaparam(1)|dsaparam(1)>
 

+=head1 HISTORY
+
+The B<dhparam> command was added in OpenSSL 0.9.5.
+The B<-dsaparam> option was added in OpenSSL 0.9.6.
+

 =cut
 =cut

diff --git a/doc/apps/rand.pod b/doc/apps/rand.pod
index 65912d3da50bf668735c7862ca494ab0fa426d48..f81eab0457f7eff255f28318421fc758c200e136 100644 (file)
--- a/doc/apps/rand.pod
+++ b/doc/apps/rand.pod
@@ -8,7 +8,7 @@ rand - generate pseudo-random bytes
 
 B<openssl rand>
 [B<-out> I<file>]
 
 B<openssl rand>
 [B<-out> I<file>]

-[B<-rand> I<file(s)>
+[B<-rand> I<file(s)>]

 [B<-base64>]
 I<num>
 
 [B<-base64>]
 I<num>