#
5056133c |
| 08-Dec-2023 |
Neil Horman |
Avoid setting gen_type to -1 in dsa_gen_set_params gh_gen_type_common_set_params looks up a dsa contexts gen_type using name2id, but if it returns error, we inadvertently set gctx->gen_t
Avoid setting gen_type to -1 in dsa_gen_set_params gh_gen_type_common_set_params looks up a dsa contexts gen_type using name2id, but if it returns error, we inadvertently set gctx->gen_type to -1, which is an invalid value, which may lead to improper behavior in future calls, in the event that said future calls preform an operation of the form; if (gen_type == <VALID VALUE>) { do_stuff else { do_other_stuff } Technically it is not correct to continue with the operations on the gen context after failed parameters setting but this makes it more predictable. Fix it by assigning the result of a lookup to a stack variable, and only update gctx->gen_value if the lookup returns a non-failing value In leiu of testing this specific case, also add an ossl_assert in dsa_gen to validate the gen_val input prior to continuing, should other code points attempt to do the same thing Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22991)
show more ...
|
#
ec061bf8 |
| 20-Oct-2023 |
Richard Levitte |
Make DH_check_pub_key() and DH_generate_key() safer yet We already check for an excessively large P in DH_generate_key(), but not in DH_check_pub_key(), and none of them check for an exc
Make DH_check_pub_key() and DH_generate_key() safer yet We already check for an excessively large P in DH_generate_key(), but not in DH_check_pub_key(), and none of them check for an excessively large Q. This change adds all the missing excessive size checks of P and Q. It's to be noted that behaviours surrounding excessively sized P and Q differ. DH_check() raises an error on the excessively sized P, but only sets a flag for the excessively sized Q. This behaviour is mimicked in DH_check_pub_key(). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22453)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
9e0094e2 |
| 06-Jul-2023 |
Matt Caswell |
Fix DH_check() excessive time with over sized modulus The DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the suppl
Fix DH_check() excessive time with over sized modulus The DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it is excessively large. There is already a maximum DH modulus size (10,000 bits) over which OpenSSL will not generate or derive keys. DH_check() will however still perform various tests for validity on such a large modulus. We introduce a new maximum (32,768) over which DH_check() will just fail. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). CVE-2023-3446 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21451)
show more ...
|
#
eab9dbbd |
| 25-Apr-2022 |
Nathan Sidwell |
Header file cleanup for C++20 header-units C++20 adds 'header units' as a stepping-stone to modules. Header units are regular header-files that have a 'self-contained' property -- t
Header file cleanup for C++20 header-units C++20 adds 'header units' as a stepping-stone to modules. Header units are regular header-files that have a 'self-contained' property -- they do not require previously-included headers to provide typedefs and what not. This addresses 2 problems discovered when using clang modules (as a proxy for C++20 header-units). a) Some headers that pay attention to OPENSSL_NO_STDIO to determine whether to declare certain FILE*-taking functions do not #include <stdio.h> themselves, relying on their includer already having done that. That breaks the above mentioned encapuslation requirement. Fixed by conditionally including stdio.h in those headers. I chose to always include stdio.h in such headers, even when they included another such header that transitively included stdio. That way they do not rely on an artifact of that intermediate header's behaviour. b) Some headers have #includes inside 'extern "C" { ... }' regions. That has a bad code-smell, but GCC and clang have extensions to permit it with implementation-defined effects. Clang needs annotation on the included files to know that they themselves are entirely inside a similar region. GCC behavesq as-if there's an extern "C++" region wrapping the included header (which must therefore wrap its contents in extern "C", if that is what it wants. In effect the includer's extern "C" region is just misleading. I didn't audit all the headers for this, only those I noticed when addressing #a. \#a is necessary to build the headers as a set of clang-modules. #b is not necessary, but as I mentioned, avoids potentially implementation-defined behaviour. Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18221)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
8020d79b |
| 11-Mar-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14512)
|
#
76e48c9d |
| 22-Feb-2021 |
Tomas Mraz |
Deprecated EVP_PKEY_CTX_get0_dh_kdf_ukm() and EVP_PKEY_CTX_get0_ecdh_kdf_ukm() The functions are not needed and require returning octet ptr parameters from providers that would like to s
Deprecated EVP_PKEY_CTX_get0_dh_kdf_ukm() and EVP_PKEY_CTX_get0_ecdh_kdf_ukm() The functions are not needed and require returning octet ptr parameters from providers that would like to support them which complicates provider implementations. Fixes #12985 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14279)
show more ...
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i |
|
#
c829c23b |
| 01-Dec-2020 |
Richard Levitte |
EVP_PKEY & DH: Make DH EVP_PKEY_CTX parameter ctrls / setters more available EVP_PKEY_CTX_set_dh_ functions were only available when DH was enabled ('no-dsa' not configured). However, t
EVP_PKEY & DH: Make DH EVP_PKEY_CTX parameter ctrls / setters more available EVP_PKEY_CTX_set_dh_ functions were only available when DH was enabled ('no-dsa' not configured). However, that makes it impossible to use these functions with an engine or a provider that happens to implement DH. This change solves that problem by shuffling these functions to more appropriate places. By consequence, there are a number of places where we can remove the check of OPENSSL_NO_DH. This requires some re-arrangements of internal tables to translate between numeric identities and names. Partially fixes #13550 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13589)
show more ...
|
Revision tags: openssl-3.0.0-alpha9, openssl-3.0.0-alpha8 |
|
#
c9f71df3 |
| 20-Oct-2020 |
Matt Caswell |
Convert DH deprecations to the new way of deprecating functions Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13138)
|
#
25e49af9 |
| 16-Oct-2020 |
Matt Caswell |
Deprecate more DH functions Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13138)
|
Revision tags: openssl-3.0.0-alpha7 |
|
#
752419d8 |
| 13-Oct-2020 |
Matt Caswell |
Deprecate DH_new as well as i2d_DHparams and d2i_DHparams Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13138)
|
Revision tags: OpenSSL_1_1_1h |
|
#
7fe32ef6 |
| 19-Aug-2020 |
Shane Lontis |
Fix no-cms build errors. Fixes #12640 The X942-KDF is now indepedent of the CMS code (since it no longer uses CMS_SharedInfo_encode). Any code related to EVP_PKEY_DH_KDF_X9_42 n
Fix no-cms build errors. Fixes #12640 The X942-KDF is now indepedent of the CMS code (since it no longer uses CMS_SharedInfo_encode). Any code related to EVP_PKEY_DH_KDF_X9_42 needs to not be wrapped by !defined(OPENSSL_NO_CMS). Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12642)
show more ...
|
Revision tags: openssl-3.0.0-alpha6 |
|
#
116d2510 |
| 04-Aug-2020 |
Shane Lontis |
Add dh_kdf support to provider Similiar to ecdh this supports the legacy kdf inside the provider dh key exchange. The supporting EVP_PKEY_CTX macros have been changed into mehtods and mo
Add dh_kdf support to provider Similiar to ecdh this supports the legacy kdf inside the provider dh key exchange. The supporting EVP_PKEY_CTX macros have been changed into mehtods and moved into dh_ctrl.c New kdfs such as SSKDF should be done as a seperate pass after doing the derive. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12575)
show more ...
|
#
627c2203 |
| 04-Aug-2020 |
Shane Lontis |
Add DHX support to keymanager Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12575)
|
Revision tags: openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2 |
|
#
588d5d01 |
| 28-Apr-2020 |
Pauli |
Undeprecate DH, DSA and RSA _bits() functions. These were deemed information and useful and that they should not be deprecated. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Undeprecate DH, DSA and RSA _bits() functions. These were deemed information and useful and that they should not be deprecated. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11669)
show more ...
|
Revision tags: openssl-3.0.0-alpha1 |
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
Revision tags: OpenSSL_1_1_1g |
|
#
738ee181 |
| 20-Apr-2020 |
Shane Lontis |
Fix DH_get_nid() so that it does not cache values. DH_set0_pqg() is now responsible for caching the nid, q and length. DH with or without named safe prime groups now default to usin
Fix DH_get_nid() so that it does not cache values. DH_set0_pqg() is now responsible for caching the nid, q and length. DH with or without named safe prime groups now default to using the maximum private key length (BN_num_bits(q) - 1) when generating a DH private key. The code is now shared between fips and non fips mode for DH key generation. The OSSL_PKEY_PARAM_DH_PRIV_LEN parameter can be used during keygen to override the maximum private key length to be in the range (2 * strength ... bits(q) - 1). Where the strength depends on the length of p. Added q = (p - 1) / 2 safe prime BIGNUMS so that the code is data driven (To simplify adding new names). The BIGNUMS were code generated. Fix error in documented return value for DH_get_nid Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11562)
show more ...
|
Revision tags: OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
ccefc341 |
| 03-Mar-2020 |
Pauli |
dhparam: update command line app to use EVP calls Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11225)
|
#
7165593c |
| 15-Apr-2020 |
Shane Lontis |
Add DH keygen to providers Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11332)
|
#
8cc86b81 |
| 23-Mar-2020 |
Dr. David von Oheimb |
Constify various mostly X509-related parameter types in crypto/ and apps/ in particular X509_NAME*, X509_STORE{,_CTX}*, and ASN1_INTEGER *, also some result types of new functions, which
Constify various mostly X509-related parameter types in crypto/ and apps/ in particular X509_NAME*, X509_STORE{,_CTX}*, and ASN1_INTEGER *, also some result types of new functions, which does not break compatibility Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/10504)
show more ...
|
#
ada66e78 |
| 03-Feb-2020 |
Pauli |
Deprecate the low level Diffie-Hellman functions. Use of the low level DH functions has been informally discouraged for a long time. We now formally deprecate them. Reviewed-by
Deprecate the low level Diffie-Hellman functions. Use of the low level DH functions has been informally discouraged for a long time. We now formally deprecate them. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11024)
show more ...
|
#
2c64df66 |
| 03-Feb-2020 |
Pauli |
DH: fix header file indentation Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11024)
|
#
92dcfb79 |
| 06-Feb-2020 |
Matt Caswell |
Fix no-dh Don't use DH specific macros that might need to be used in a no-dh build. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/opens
Fix no-dh Don't use DH specific macros that might need to be used in a no-dh build. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11030)
show more ...
|
#
f11f86f6 |
| 06-Feb-2020 |
Shane Lontis |
Add FFC param/key generation Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10909)
|
#
ca2bf555 |
| 30-Jan-2020 |
Shane Lontis |
Add support for DH 'modp' group parameters (RFC 3526) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10897)
|