mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-15 06:01:37 +08:00
Code Issues Packages Projects Releases Wiki Activity
33,060 Commits 34 Branches 385 Tags 513 MiB
a64c48cff8
Commit Graph

9 Commits

Author SHA1 Message Date
Tomas Mraz
ddb13b283b Use as small dh key size as possible to support the security 
Longer private key sizes unnecessarily raise the cycles needed to
compute the shared secret without any increase of the real security.

We use minimum key sizes as defined in RFC7919.

For arbitrary parameters we cannot know whether they are safe
primes (we could test but that would be too inefficient) we have
to keep generating large keys.

However we now set a small dh->length when we are generating safe prime
parameters because we know it is safe to use small keys with them.

That means users need to regenerate the parameters if they
want to take the performance advantage of small private key.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)
 2022-07-18 08:06:17 +01:00
Matt Caswell
38fc02a708 Update copyright year 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15801)
 2021-06-17 13:24:59 +01:00
Pauli
5cbd2ea3f9 add zero strenght arguments to BN and RAND RNG calls 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)
 2021-05-29 17:17:12 +10:00
Pauli
5357c10624 ffc: add _ossl to exported but internal functions 
The functions updated are:
    ffc_generate_private_key, ffc_named_group_from_uid,
    ffc_named_group_to_uid, ffc_params_FIPS186_2_gen_verify,
    ffc_params_FIPS186_2_generate, ffc_params_FIPS186_2_validate,
    ffc_params_FIPS186_4_gen_verify, ffc_params_FIPS186_4_generate,
    ffc_params_FIPS186_4_validate, ffc_params_cleanup, ffc_params_cmp,
    ffc_params_copy, ffc_params_enable_flags, ffc_params_flags_from_name,
    ffc_params_flags_to_name, ffc_params_fromdata,
    ffc_params_get0_pqg, ffc_params_get_validate_params,
    ffc_params_init, ffc_params_print, ffc_params_set0_j,
    ffc_params_set0_pqg, ffc_params_set_flags, ffc_params_set_gindex,
    ffc_params_set_h, ffc_params_set_pcounter, ffc_params_set_seed,
    ffc_params_set_validate_params, ffc_params_simple_validate,
    ffc_params_todata, ffc_params_validate_unverifiable_g, ffc_set_digest,
    ffc_set_group_pqg, ffc_validate_private_key, ffc_validate_public_key
    and ffc_validate_public_key_partial.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13041)
 2020-10-06 09:04:19 +10:00
Shane Lontis
738ee1819e Fix DH_get_nid() so that it does not cache values. 
DH_set0_pqg() is now responsible for caching the nid, q and length.

DH with or without named safe prime groups now default to using the maximum private key length (BN_num_bits(q) - 1)
when generating a DH private key. The code is now shared between fips and non fips mode for DH key generation.

The OSSL_PKEY_PARAM_DH_PRIV_LEN parameter can be used during keygen to override the maximum private key length to be
in the range (2 * strength ... bits(q) - 1). Where the strength depends on the length of p.

Added q = (p - 1) / 2 safe prime BIGNUMS so that the code is data driven (To simplify adding new names).
The BIGNUMS were code generated.

Fix error in documented return value for DH_get_nid

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11562)
 2020-04-20 11:07:38 +10:00
Shane Lontis
b03ec3b5d6 Add DSA keygen to provider 
Moved some shared FFC code into the FFC files.
Added extra paramgen parameters for seed, gindex.
Fixed bug in ossl_prov util to print bignums.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11303)
 2020-04-15 21:02:52 +10:00
Shane Lontis
55f02cb684 Change DH_get_nid() to set the value of q if it is not already set 
Fixes #11108.

It only sets q if a valid named group is found.
The function signature was recently changed to pass a non const DH pointer
in order to allow the nid to be cached internally. As an extension of this
the value of q can now also be set as q is always known for named groups.
The length field is also set if q is set.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11114)
 2020-03-07 07:47:58 +10:00
Shane Lontis
8083fd3a18 Add FFC param/key validation 
Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10910)
 2020-02-16 13:03:46 +10:00
Shane Lontis
f11f86f6ec Add FFC param/key generation 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10909)
 2020-02-06 22:28:36 +10:00