#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
59d3fd1c |
| 13-Jan-2022 |
Tomas Mraz |
dhtest: Add testcase for EVP_PKEY_CTX_set_dh_nid And a negative testcase for EVP_PKEY_CTX_set_dhx_rfc5114 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17498)
|
#
09d91264 |
| 27-Oct-2021 |
Phil Mesnier |
Fix for a segv interrupt that occurs when fix_dh_rfc5114 is called with ctx->p2 being a null pointer. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16913) (cherry picked from commit 07e6c857364770f6e986b5d8ceb9fbe296f3c6d0)
|
#
1287dabd |
| 26-Oct-2021 |
x2018 |
fix some code with obvious wrong coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16918)
|
#
98431c43 |
| 28-Jun-2021 |
Pauli |
dh_test: fix coverity 1473239 Argument cannot be negative (NEGATIVE_RETURNS) Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15943)
|
#
1c49be86 |
| 10-Jun-2021 |
Shane Lontis |
Fix DH/DHX named groups to not overwrite the private key length. The only reason(s) the DH private key length should be set are: (1) The user sets it during key generation via EVP_PKEY_CTX_set_params using OSSL_PKEY_PARAM_DH_PRIV_LEN. (2) When loading a PKCS3 (DH) key the optional value 'privateValueLength' is set. Now that the named groups contain a value for 'q' there is no reason to automatically overwrite the private key length. Issue detected by @davidmakepeace Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15695)
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k |
|
#
89f7ea04 |
| 19-Mar-2021 |
Pauli |
test: fix coverity 1473234 & 1473239: argument cannot be negative Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14620)
|
#
014498ff |
| 04-Apr-2021 |
Pauli |
test: fix coverity 1475940: negative return Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14769)
|
#
97ef45ea |
| 04-Apr-2021 |
Pauli |
test: fix coverity 1475941: resource leak Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14769)
|
#
e454a393 |
| 29-Mar-2021 |
Shane Lontis |
Add a range check (from SP800-56Ar3) to DH key derivation. Fixes #14401 Note that this moves the public key check out of DH compute_key() since key validation does not belong inside this primitive. The check has been moved to the EVP_PKEY_derive_set_peer() function so that it generally applies to all exchange operations. Use EVP_PKEY_derive_set_peer_ex() to disable this behaviour. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14717)
|
Revision tags: openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1 |
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
Revision tags: OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
55f02cb6 |
| 06-Mar-2020 |
Shane Lontis |
Change DH_get_nid() to set the value of q if it is not already set Fixes #11108. It only sets q if a valid named group is found. The function signature was recently changed to pass a non const DH pointer in order to allow the nid to be cached internally. As an extension of this the value of q can now also be set as q is always known for named groups. The length field is also set if q is set. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11114)
|
#
ada66e78 |
| 03-Feb-2020 |
Pauli |
Deprecate the low level Diffie-Hellman functions. Use of the low level DH functions has been informally discouraged for a long time. We now formally deprecate them. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11024)
|
#
ca2bf555 |
| 30-Jan-2020 |
Shane Lontis |
Add support for DH 'modp' group parameters (RFC 3526) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10897)
|
Revision tags: OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
#
feeb7ecd |
| 06-Sep-2019 |
Bernd Edlinger |
Check the DH modulus bit length The check was missing in DH_check and DH_check_params. [extended tests] Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9796)
|
#
6de1fe90 |
| 22-Jul-2019 |
Bernd Edlinger |
Enforce a minimum DH modulus size of 512 bits [extended tests] Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9437)
|
#
a38c878c |
| 10-Jul-2019 |
Bernd Edlinger |
Change DH parameters to generate the order q subgroup instead of 2q This avoids leaking bit 0 of the private key. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/9363)
|
#
68756b12 |
| 30-Jun-2019 |
Antoine Cœur |
Fix Typos CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9275)
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
909f1a2e |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in test/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7767)
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1 |
|
#
9ba9d81b |
| 09-Sep-2018 |
Dr. Matthias St. Pierre |
test/dhtest.c: fix resource leak Reported by Coverity Scan (CID 1439136) [extended tests] Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7155)
|
Revision tags: OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7 |
|
#
83cf7abf |
| 29-May-2018 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6371)
|
#
8a59c085 |
| 17-May-2018 |
Dr. Matthias St. Pierre |
DH: add some basic tests (and comments) Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6273)
|
Revision tags: OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
#
7966101e |
| 18-Sep-2017 |
David Benjamin |
Allow DH_set0_key with only private key. The pub_key field for DH isn't actually used in DH_compute_key at all. (Note the peer public key is passed in as a BIGNUM.) It's mostly there so the caller may extract it from DH_generate_key. It doesn't particularly need to be present if filling in a DH from external parameters. The check in DH_set0_key conflicts with adding OpenSSL 1.1.0 to Node. Their public API is a thin wrapper over the old OpenSSL one: https://nodejs.org/api/crypto.html#crypto_class_diffiehellman They have separate setPrivateKey and setPublicKey methods, so the public key may be set last or not at all. In 1.0.2, either worked fine since operations on DH objects generally didn't use the public key. (Like with OpenSSL, Node's setPublicKey method is also largely a no-op, but so it goes.) In 1.1.0, DH_set0_key prevents creating a private-key-only DH object. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4384)
|
#
176db6dc |
| 22-Aug-2017 |
Rich Salz |
Use "" not <> for internal/ includes Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4217)
|
#
b99fe5f4 |
| 17-Aug-2017 |
Pauli |
Remove tests dependence on e_os.h Apart from ssltest_old.c, the test suite relied on e_os.h for the OSSL_NELEM macro and nothing else. The ssltest_old.c also requires EXIT and some socket macros. Create a new header to define the OSSL_NELEM macro and use that instead. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4186)
|