diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2020-04-20 11:07:38 +1000 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2020-04-20 11:07:38 +1000 |
| commit | 738ee1819e3bb94723701fb505ce2971afe47a9b (patch) | |
| tree | 2fd8588534087594f2371060c20bc6890d39a33a /crypto/dh/dh_lib.c | |
| parent | 9e537cd2ad01b172f2700a670e9269075078a426 (diff) | |
Fix DH_get_nid() so that it does not cache values.
DH_set0_pqg() is now responsible for caching the nid, q and length.
DH with or without named safe prime groups now default to using the maximum private key length (BN_num_bits(q) - 1)
when generating a DH private key. The code is now shared between fips and non fips mode for DH key generation.
The OSSL_PKEY_PARAM_DH_PRIV_LEN parameter can be used during keygen to override the maximum private key length to be
in the range (2 * strength ... bits(q) - 1). Where the strength depends on the length of p.
Added q = (p - 1) / 2 safe prime BIGNUMS so that the code is data driven (To simplify adding new names).
The BIGNUMS were code generated.
Fix error in documented return value for DH_get_nid
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11562)
Diffstat (limited to 'crypto/dh/dh_lib.c')
| -rw-r--r-- | crypto/dh/dh_lib.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 3643cb1471..7e42d13f3c 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -209,7 +209,8 @@ void DH_get0_pqg(const DH *dh, int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) { - /* If the fields p and g in d are NULL, the corresponding input + /* + * If the fields p and g in d are NULL, the corresponding input * parameters MUST be non-NULL. q may remain NULL. */ if ((dh->params.p == NULL && p == NULL) @@ -217,7 +218,9 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) return 0; ffc_params_set0_pqg(&dh->params, p, q, g); - dh->params.nid = NID_undef; + dh_cache_named_group(dh); + if (q != NULL) + dh->length = BN_num_bits(q); /* * Check if this is a named group. If it finds a named group then the * 'q' and 'length' value are either already set or are set by the @@ -260,6 +263,7 @@ int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) if (priv_key != NULL) { BN_clear_free(dh->priv_key); dh->priv_key = priv_key; + dh->length = BN_num_bits(priv_key); } dh->dirty_cnt++; @@ -335,7 +339,7 @@ int dh_ffc_params_fromdata(DH *dh, const OSSL_PARAM params[]) ret = ffc_params_fromdata(ffc, params); if (ret) { - DH_get_nid(dh); + dh_cache_named_group(dh); dh->dirty_cnt++; } return ret; |