author | Shane Lontis <shane.lontis@oracle.com> | 2020-04-20 11:07:38 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2020-04-20 11:07:38 +1000 |
commit | 738ee1819e3bb94723701fb505ce2971afe47a9b (patch) | |
tree | 2fd8588534087594f2371060c20bc6890d39a33a /doc | |
parent | 9e537cd2ad01b172f2700a670e9269075078a426 (diff) |
Fix DH_get_nid() so that it does not cache values.
DH_set0_pqg() is now responsible for caching the nid, q and length.
DH with or without named safe prime groups now default to using the maximum private key length (BN_num_bits(q) - 1)
when generating a DH private key. The code is now shared between fips and non fips mode for DH key generation.
The OSSL_PKEY_PARAM_DH_PRIV_LEN parameter can be used during keygen to override the maximum private key length to be
in the range (2 * strength ... bits(q) - 1), where the strength depends on the length of p.
Added q = (p - 1) / 2 safe prime BIGNUMS so that the code is data driven (to simplify adding new names).
The BIGNUMS were code generated.
Fix error in documented return value for DH_get_nid
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11562)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/DH_get0_pqg.pod | 13 |
-rw-r--r-- | doc/man3/DH_new_by_nid.pod | 10 |
2 files changed, 9 insertions, 14 deletions
diff --git a/doc/man3/DH_get0_pqg.pod b/doc/man3/DH_get0_pqg.pod index 2c63e52b38..74268087a1 100644 --- a/doc/man3/DH_get0_pqg.pod +++ b/doc/man3/DH_get0_pqg.pod @@ -57,11 +57,9 @@ and therefore the values that have been passed in should not be freed directly after this function has been called. The I<q> parameter may be NULL. DH_set0_pqg() also checks if the parameters associated with I<p> and I<g> and optionally I<q> are associated with known safe prime groups. If it is a safe -prime group then the value of I<q> will be set to q = (p - 1) / 2 if I<q> is NULL. -For safe prime groups the optional length parameter I<length> is set to twice -the value of the maximum_target_security_strength(BN_num_bits(I<p>)) as listed in -SP800-56Ar3 Table(s) 25 & 26. If it is not a safe prime group then the optional -length parameter will be set if I<q> is not NULL to BN_num_bits(I<q>). +prime group then the value of I<q> will be set to q = (p - 1) / 2 if I<q> is +NULL. The optional length parameter will be set to BN_num_bits(I<q>) if I<q> +is not NULL. To get the public and private key values use the DH_get0_key() function. A pointer to the public key will be stored in I<*pub_key>, and a pointer to the @@ -96,7 +94,10 @@ object, or NULL if no such ENGINE has been set. This function is deprecated. The DH_get_length() and DH_set_length() functions get and set the optional length parameter associated with this DH object. If the length is nonzero then it is used, otherwise it is ignored. The I<length> parameter indicates the -length of the secret exponent (private key) in bits. +length of the secret exponent (private key) in bits. These functions are +deprecated. For safe prime groups the optional length parameter I<length> can be +set to a value greater or equal to 2 * maximum_target_security_strength(BN_num_bits(I<p>)) +as listed in SP800-56Ar3 Table(s) 25 & 26. =head1 NOTES diff --git a/doc/man3/DH_new_by_nid.pod b/doc/man3/DH_new_by_nid.pod index a333ecb6d2..163be09fed 100644 
--- a/doc/man3/DH_new_by_nid.pod +++ b/doc/man3/DH_new_by_nid.pod @@ -2,7 +2,7 @@ =head1 NAME -DH_new_by_nid, DH_get_nid - get or find DH named parameters +DH_new_by_nid, DH_get_nid - create or get DH named parameters =head1 SYNOPSIS @@ -13,7 +13,7 @@ Deprecated since OpenSSL 3.0, can be hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value, see L<openssl_user_macros(7)>: - int *DH_get_nid(DH *dh); + int DH_get_nid(const DH *dh); =head1 DESCRIPTION @@ -26,12 +26,6 @@ B<NID_modp_4096>, B<NID_modp_6144> or B<NID_modp_8192>. DH_get_nid() determines if the parameters contained in B<dh> match any named safe prime group. It returns the NID corresponding to the matching parameters or B<NID_undef> if there is no match. -Internally it caches the nid, so that any subsequent calls can fetch the -cached value. -If a matching p and g are not found and the value of parameter q is not set, -then it is set to q = (p - 1) / 2. -If parameter q is already set then it must also match the expected q otherwise -no match will be found. This function is deprecated. =head1 RETURN VALUES |
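Review bot: In doc/man3/DH_get0_pqg.pod, hunk @@ -57, the new sentence "The optional length parameter will be set to BN_num_bits(I<q>) if I<q> is not NULL" does not line up with the commit message, which gives the default maximum private key length as BN_num_bits(q) - 1. Please reconcile the two so the page states the value that is actually stored. It is also ambiguous whether "if I<q> is not NULL" means the q the caller passed in or q after the safe prime fill-in described in the sentence before it; that decides whether a caller who passes q = NULL for a named group ends up with a length set, so the text should say which.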
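Review bot: In doc/man3/DH_get0_pqg.pod, hunk @@ -96, the added text gives only a lower bound for I<length> on safe prime groups ("greater or equal to 2 * maximum_target_security_strength(BN_num_bits(I<p>))"), while the commit message describes a range with an upper end of bits(q) - 1. Document the upper bound too, and say what happens when a caller sets a value outside the range, since a too-short private exponent is the case a reader of this page needs to avoid. Wording: "greater than or equal to". The sentence "These functions are deprecated." now sits between the definition of I<length> and its constraint; moving it to the end of the paragraph would match the "This function is deprecated." placement visible in the surrounding context.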
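Review bot: In doc/man3/DH_new_by_nid.pod, hunk @@ -26, the removal takes out more than the caching description: it also drops "If parameter q is already set then it must also match the expected q otherwise no match will be found." After this change the DH_get_nid() description no longer says whether q takes part in the match. If a mismatched q still yields B<NID_undef>, keep that sentence or add a pointer to DH_set0_pqg(), which per the commit message is now where the nid, q and length are cached, so a reader of this page knows where q gets populated.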