author | Shane Lontis <shane.lontis@oracle.com> | 2020-04-20 11:07:38 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2020-04-20 11:07:38 +1000 |
commit | 738ee1819e3bb94723701fb505ce2971afe47a9b (patch) | |
tree | 2fd8588534087594f2371060c20bc6890d39a33a /crypto/ffc | |
parent | 9e537cd2ad01b172f2700a670e9269075078a426 (diff) |
Fix DH_get_nid() so that it does not cache values.
DH_set0_pqg() is now responsible for caching the nid, q and length.
DH with or without named safe prime groups now default to using the maximum private key length (BN_num_bits(q) - 1)
when generating a DH private key. The code is now shared between fips and non fips mode for DH key generation.
The OSSL_PKEY_PARAM_DH_PRIV_LEN parameter can be used during keygen to override the maximum private key length to be
in the range (2 * strength ... bits(q) - 1), where the strength depends on the length of p.
Added q = (p - 1) / 2 safe prime BIGNUMS so that the code is data driven (To simplify adding new names).
The BIGNUMS were code generated.
Fix error in documented return value for DH_get_nid
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11562)
Diffstat (limited to 'crypto/ffc')
-rw-r--r-- | crypto/ffc/ffc_key_generate.c | 27 |
1 files changed, 6 insertions, 21 deletions
diff --git a/crypto/ffc/ffc_key_generate.c b/crypto/ffc/ffc_key_generate.c index 4e2f231d83..aeabae010f 100644 --- a/crypto/ffc/ffc_key_generate.c +++ b/crypto/ffc/ffc_key_generate.c @@ -10,7 +10,6 @@ #include "internal/ffc.h" /* - * For Fips mode: * SP800-56Ar3 5.6.1.1.4 Key pair generation by testing candidates. * Generates a private key in the interval [1, min(2 ^ N - 1, q - 1)]. * @@ -23,32 +22,18 @@ int ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params, int N, int s, BIGNUM *priv) { -#ifdef FIPS_MODE - return ffc_generate_private_key_fips(ctx, params, N, s, priv); -#else - do { - if (!BN_priv_rand_range_ex(priv, params->q, ctx)) - return 0; - } while (BN_is_zero(priv) || BN_is_one(priv)); - return 1; -#endif /* FIPS_MODE */ -} - -int ffc_generate_private_key_fips(BN_CTX *ctx, const FFC_PARAMS *params, - int N, int s, BIGNUM *priv) -{ int ret = 0, qbits = BN_num_bits(params->q); BIGNUM *m, *two_powN = NULL; - /* Step (2) : check range of N */ - if (N < 2 * s || N > qbits) - return 0; - /* Deal with the edge case where the value of N is not set */ - if (N == 0) { + if (N == 0) N = qbits; + if (s == 0) s = N / 2; - } + + /* Step (2) : check range of N */ + if (N < 2 * s || N > qbits) + return 0; two_powN = BN_new(); /* 2^N */ |
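Review bot: In the second hunk, defaulting `s` from `N` (`if (s == 0) s = N / 2;`) makes the Step (2) lower bound `N < 2 * s` vacuous whenever the caller leaves `s` at 0, so a small caller-supplied `N` would pass the range check with no security-strength floor. If no caller legitimately passes `s == 0`, rejecting it is safer (`if (s <= 0) return 0;`); otherwise the comment above the defaults should say that both N and s are defaulted and that the check then only bounds N by `qbits`. Separately, `qbits = BN_num_bits(params->q)` is evaluated in the initializer, so the now-shared non-FIPS path presumably relies on callers never passing parameters without q; that is worth confirming against the DH keygen caller, which is not visible here. The function body continues past the end of the hunk.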