diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2020-04-20 11:07:38 +1000 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2020-04-20 11:07:38 +1000 |
| commit | 738ee1819e3bb94723701fb505ce2971afe47a9b (patch) | |
| tree | 2fd8588534087594f2371060c20bc6890d39a33a /crypto/dh/dh_key.c | |
| parent | 9e537cd2ad01b172f2700a670e9269075078a426 (diff) | |
Fix DH_get_nid() so that it does not cache values.
DH_set0_pqg() is now responsible for caching the nid, q and length.
DH with or without named safe prime groups now default to using the maximum private key length (BN_num_bits(q) - 1)
when generating a DH private key. The code is now shared between fips and non fips mode for DH key generation.
The OSSL_PKEY_PARAM_DH_PRIV_LEN parameter can be used during keygen to override the maximum private key length to be
in the range (2 * strength ... bits(q) - 1). Where the strength depends on the length of p.
Added q = (p - 1) / 2 safe prime BIGNUMS so that the code is data driven (To simplify adding new names).
The BIGNUMS were code generated.
Fix error in documented return value for DH_get_nid
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11562)
Diffstat (limited to 'crypto/dh/dh_key.c')
| -rw-r--r-- | crypto/dh/dh_key.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index e46946153b..918949d953 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -18,6 +18,7 @@ #include "dh_local.h" #include "crypto/bn.h" #include "crypto/dh.h" +#include "crypto/security_bits.h" #ifdef FIPS_MODE # define MIN_STRENGTH 112 @@ -252,16 +253,15 @@ static int generate_key(DH *dh) if (generate_new_key) { /* Is it an approved safe prime ?*/ if (DH_get_nid(dh) != NID_undef) { - /* - * The safe prime group code sets N = 2*s - * (where s = max security strength supported). - * N = dh->length (N = maximum bit length of private key) - */ + int max_strength = + ifc_ffc_compute_security_bits(BN_num_bits(dh->params.p)); + if (dh->params.q == NULL || dh->length > BN_num_bits(dh->params.q)) goto err; + /* dh->length = maximum bit length of generated private key */ if (!ffc_generate_private_key(ctx, &dh->params, dh->length, - dh->length / 2, priv_key)) + max_strength, priv_key)) goto err; } else { #ifdef FIPS_MODE |