From 738ee1819e3bb94723701fb505ce2971afe47a9b Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Mon, 20 Apr 2020 11:07:38 +1000 Subject: Fix DH_get_nid() so that it does not cache values. DH_set0_pqg() is now responsible for caching the nid, q and length. DH with or without named safe prime groups now default to using the maximum private key length (BN_num_bits(q) - 1) when generating a DH private key. The code is now shared between fips and non fips mode for DH key generation. The OSSL_PKEY_PARAM_DH_PRIV_LEN parameter can be used during keygen to override the maximum private key length to be in the range (2 * strength ... bits(q) - 1). Where the strength depends on the length of p. Added q = (p - 1) / 2 safe prime BIGNUMS so that the code is data driven (To simplify adding new names). The BIGNUMS were code generated. Fix error in documented return value for DH_get_nid Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11562) --- include/crypto/bn_dh.h | 13 ++++++++++++- include/crypto/dh.h | 1 + include/internal/ffc.h | 2 -- include/openssl/core_names.h | 1 + include/openssl/dh.h | 2 +- 5 files changed, 15 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/crypto/bn_dh.h b/include/crypto/bn_dh.h index c19d4f0734..b900c36651 100644 --- a/include/crypto/bn_dh.h +++ b/include/crypto/bn_dh.h @@ -9,8 +9,8 @@ #define declare_dh_bn(x) \ extern const BIGNUM _bignum_dh##x##_p; \ + extern const BIGNUM _bignum_dh##x##_q; \ extern const BIGNUM _bignum_dh##x##_g; \ - extern const BIGNUM _bignum_dh##x##_q; declare_dh_bn(1024_160) declare_dh_bn(2048_224) @@ -23,6 +23,11 @@ extern const BIGNUM _bignum_ffdhe3072_p; extern const BIGNUM _bignum_ffdhe4096_p; extern const BIGNUM _bignum_ffdhe6144_p; extern const BIGNUM _bignum_ffdhe8192_p; +extern const BIGNUM _bignum_ffdhe2048_q; +extern const BIGNUM _bignum_ffdhe3072_q; +extern const BIGNUM _bignum_ffdhe4096_q; +extern const BIGNUM _bignum_ffdhe6144_q; +extern const BIGNUM _bignum_ffdhe8192_q; extern const BIGNUM _bignum_modp_1536_p; extern const BIGNUM _bignum_modp_2048_p; @@ -30,3 +35,9 @@ extern const BIGNUM _bignum_modp_3072_p; extern const BIGNUM _bignum_modp_4096_p; extern const BIGNUM _bignum_modp_6144_p; extern const BIGNUM _bignum_modp_8192_p; +extern const BIGNUM _bignum_modp_1536_q; +extern const BIGNUM _bignum_modp_2048_q; +extern const BIGNUM _bignum_modp_3072_q; +extern const BIGNUM _bignum_modp_4096_q; +extern const BIGNUM _bignum_modp_6144_q; +extern const BIGNUM _bignum_modp_8192_q; diff --git a/include/crypto/dh.h b/include/crypto/dh.h index 150d13b370..1ae2c2f0a3 100644 --- a/include/crypto/dh.h +++ b/include/crypto/dh.h @@ -20,6 +20,7 @@ int dh_generate_public_key(BN_CTX *ctx, DH *dh, const BIGNUM *priv_key, BIGNUM *pub_key); int dh_get_named_group_uid_from_size(int pbits); const char *dh_gen_type_id2name(int id); +void dh_cache_named_group(DH *dh); FFC_PARAMS *dh_get0_params(DH *dh); int dh_get0_nid(const DH *dh); diff --git a/include/internal/ffc.h b/include/internal/ffc.h index 90a13a5fd4..8a948066d6 100644 --- a/include/internal/ffc.h +++ b/include/internal/ffc.h @@ -149,8 +149,6 @@ int ffc_params_FIPS186_2_validate(const FFC_PARAMS *params, int type, int ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params, int N, int s, BIGNUM *priv); -int ffc_generate_private_key_fips(BN_CTX *ctx, const FFC_PARAMS *params, - int N, int s, BIGNUM *priv); int ffc_params_validate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont, const BIGNUM *p, const BIGNUM *q, diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index b5ee883bc7..4ac17497fc 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -207,6 +207,7 @@ extern "C" { /* Diffie-Hellman params */ #define OSSL_PKEY_PARAM_FFC_GROUP "group" #define OSSL_PKEY_PARAM_FFC_GENERATOR "safeprime-generator" +#define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len" /* Elliptic Curve Domain Parameters */ #define OSSL_PKEY_PARAM_EC_NAME "curve-name" diff --git a/include/openssl/dh.h b/include/openssl/dh.h index ab455b7492..074cf84bab 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -196,7 +196,7 @@ DH *DH_get_2048_256(void); /* Named parameters, currently RFC7919 and RFC3526 */ /* TODO(3.0): deprecate DH_new_by_nid() after converting ssl/s3_lib.c */ DH *DH_new_by_nid(int nid); -DEPRECATEDIN_3_0(int DH_get_nid(DH *dh)) +DEPRECATEDIN_3_0(int DH_get_nid(const DH *dh)) # ifndef OPENSSL_NO_CMS /* RFC2631 KDF */ -- cgit v1.2.3