| #
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
| #
ad5d3557 |
| 25-Jul-2023 |
Tomas Mraz |
dhtest.c: Add test of DH_check() with q = p + 1
This must fail with DH_CHECK_INVALID_Q_VALUE and
with DH_CHECK_Q_NOT_PRIME unset.
Reviewed-by: Matt Caswell <matt@openssl.org>
dhtest.c: Add test of DH_check() with q = p + 1
This must fail with DH_CHECK_INVALID_Q_VALUE and
with DH_CHECK_Q_NOT_PRIME unset.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21550)
show more ...
|
| #
ede782b4 |
| 07-Jul-2023 |
Matt Caswell |
Add a test for CVE-2023-3446
Confirm that the only errors DH_check() finds with DH parameters with an
excessively long modulus is that the modulus is too large. We should not
be perf
Add a test for CVE-2023-3446
Confirm that the only errors DH_check() finds with DH parameters with an
excessively long modulus is that the modulus is too large. We should not
be performing time consuming checks using that modulus.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21451)
show more ...
|
| #
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
| #
59d3fd1c |
| 13-Jan-2022 |
Tomas Mraz |
dhtest: Add testcase for EVP_PKEY_CTX_set_dh_nid
And a negative testcase for EVP_PKEY_CTX_set_dhx_rfc5114
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://githu
dhtest: Add testcase for EVP_PKEY_CTX_set_dh_nid
And a negative testcase for EVP_PKEY_CTX_set_dhx_rfc5114
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)
show more ...
|
| #
09d91264 |
| 27-Oct-2021 |
Phil Mesnier |
Fix for a segv interrupt that occurs when fix_dh_rfc5114 is called with
ctx->p2 being a null pointer.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openss
Fix for a segv interrupt that occurs when fix_dh_rfc5114 is called with
ctx->p2 being a null pointer.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16913)
(cherry picked from commit 07e6c857364770f6e986b5d8ceb9fbe296f3c6d0)
show more ...
|
| #
1287dabd |
| 26-Oct-2021 |
x2018 |
fix some code with obvious wrong coding style
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org
fix some code with obvious wrong coding style
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16918)
show more ...
|
| #
98431c43 |
| 28-Jun-2021 |
Pauli |
dh_test: fix coverity 1473239 Argument cannot be negative (NEGATIVE_RETURNS)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15943)
|
| #
1c49be86 |
| 10-Jun-2021 |
Shane Lontis |
Fix DH/DHX named groups to not overwrite the private key length.
The only reason(s) the DH private key length should be set are:
(1) The user sets it during key generation via EVP_PKEY_C
Fix DH/DHX named groups to not overwrite the private key length.
The only reason(s) the DH private key length should be set are:
(1) The user sets it during key generation via EVP_PKEY_CTX_set_params
using OSSL_PKEY_PARAM_DH_PRIV_LEN.
(2) When loading a PKCS3 (DH) key the optional value
'privateValueLength' is set.
Now that the named groups contain a value for 'q' there is no reason to
automatically overwrite the private key length.
Issue detected by @davidmakepeace
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15695)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k |
|
| #
89f7ea04 |
| 19-Mar-2021 |
Pauli |
test: fix coverity 1473234 & 1473239: argument cannot be negative
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
|
| #
014498ff |
| 04-Apr-2021 |
Pauli |
test: fix coverity 1475940: negative return
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14769)
|
| #
97ef45ea |
| 04-Apr-2021 |
Pauli |
test: fix coverity 1475941: resource leak
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14769)
|
| #
e454a393 |
| 29-Mar-2021 |
Shane Lontis |
Add a range check (from SP800-56Ar3) to DH key derivation.
Fixes #14401
Note that this moves the public key check out of DH compute_key() since
key validation does not belong in
Add a range check (from SP800-56Ar3) to DH key derivation.
Fixes #14401
Note that this moves the public key check out of DH compute_key() since
key validation does not belong inside this primitive..
The check has been moved to the EVP_PKEY_derive_set_peer() function so that
it generally applies to all exchange operations.. Use EVP_PKEY_derive_set_peer_ex()
to disable this behaviour.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14717)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1 |
|
| #
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)
|
|
Revision tags: OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
| #
55f02cb6 |
| 06-Mar-2020 |
Shane Lontis |
Change DH_get_nid() to set the value of q if it is not already set
Fixes #11108.
It only sets q if a valid named group is found.
The function signature was recently changed to p
Change DH_get_nid() to set the value of q if it is not already set
Fixes #11108.
It only sets q if a valid named group is found.
The function signature was recently changed to pass a non const DH pointer
in order to allow the nid to be cached internally. As an extension of this
the value of q can now also be set as q is always known for named groups.
The length field is also set if q is set.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11114)
show more ...
|
| #
ada66e78 |
| 03-Feb-2020 |
Pauli |
Deprecate the low level Diffie-Hellman functions.
Use of the low level DH functions has been informally discouraged for a
long time. We now formally deprecate them.
Reviewed-by
Deprecate the low level Diffie-Hellman functions.
Use of the low level DH functions has been informally discouraged for a
long time. We now formally deprecate them.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11024)
show more ...
|
| #
ca2bf555 |
| 30-Jan-2020 |
Shane Lontis |
Add support for DH 'modp' group parameters (RFC 3526)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10897)
|
|
Revision tags: OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
| #
feeb7ecd |
| 06-Sep-2019 |
Bernd Edlinger |
Check the DH modulus bit length
The check was missing in DH_check and DH_check_params.
[extended tests]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https
Check the DH modulus bit length
The check was missing in DH_check and DH_check_params.
[extended tests]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9796)
show more ...
|
| #
6de1fe90 |
| 22-Jul-2019 |
Bernd Edlinger |
Enforce a minimum DH modulus size of 512 bits
[extended tests]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9437)
|
| #
a38c878c |
| 10-Jul-2019 |
Bernd Edlinger |
Change DH parameters to generate the order q subgroup instead of 2q
This avoids leaking bit 0 of the private key.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by:
Change DH parameters to generate the order q subgroup instead of 2q
This avoids leaking bit 0 of the private key.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9363)
show more ...
|
| #
68756b12 |
| 30-Jun-2019 |
Antoine Cœur |
Fix Typos
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@
Fix Typos
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9275)
show more ...
|
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
| #
909f1a2e |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in test/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7767)
|
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1 |
|
| #
9ba9d81b |
| 09-Sep-2018 |
Dr. Matthias St. Pierre |
test/dhtest.c: fix resource leak
Reported by Coverity Scan (CID 1439136)
[extended tests]
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@open
test/dhtest.c: fix resource leak
Reported by Coverity Scan (CID 1439136)
[extended tests]
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7155)
show more ...
|
|
Revision tags: OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7 |
|
| #
83cf7abf |
| 29-May-2018 |
Matt Caswell |
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6371)
|
| #
8a59c085 |
| 17-May-2018 |
Dr. Matthias St. Pierre |
DH: add some basic tests (and comments)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6273)
|
