From 738ee1819e3bb94723701fb505ce2971afe47a9b Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Mon, 20 Apr 2020 11:07:38 +1000 Subject: Fix DH_get_nid() so that it does not cache values. DH_set0_pqg() is now responsible for caching the nid, q and length. DH with or without named safe prime groups now default to using the maximum private key length (BN_num_bits(q) - 1) when generating a DH private key. The code is now shared between fips and non fips mode for DH key generation. The OSSL_PKEY_PARAM_DH_PRIV_LEN parameter can be used during keygen to override the maximum private key length to be in the range (2 * strength ... bits(q) - 1). Where the strength depends on the length of p. Added q = (p - 1) / 2 safe prime BIGNUMS so that the code is data driven (To simplify adding new names). The BIGNUMS were code generated. Fix error in documented return value for DH_get_nid Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11562) --- include/internal/ffc.h | 2 -- 1 file changed, 2 deletions(-) (limited to 'include/internal/ffc.h') diff --git a/include/internal/ffc.h b/include/internal/ffc.h index 90a13a5fd4..8a948066d6 100644 --- a/include/internal/ffc.h +++ b/include/internal/ffc.h @@ -149,8 +149,6 @@ int ffc_params_FIPS186_2_validate(const FFC_PARAMS *params, int type, int ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params, int N, int s, BIGNUM *priv); -int ffc_generate_private_key_fips(BN_CTX *ctx, const FFC_PARAMS *params, - int N, int s, BIGNUM *priv); int ffc_params_validate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont, const BIGNUM *p, const BIGNUM *q, -- cgit v1.2.3