#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
ad5d3557 |
| 25-Jul-2023 |
Tomas Mraz |
dhtest.c: Add test of DH_check() with q = p + 1 This must fail with DH_CHECK_INVALID_Q_VALUE and with DH_CHECK_Q_NOT_PRIME unset. Reviewed-by: Matt Caswell <matt@openssl.org>
dhtest.c: Add test of DH_check() with q = p + 1 This must fail with DH_CHECK_INVALID_Q_VALUE and with DH_CHECK_Q_NOT_PRIME unset. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/21550)
show more ...
|
#
ede782b4 |
| 07-Jul-2023 |
Matt Caswell |
Add a test for CVE-2023-3446 Confirm that the only errors DH_check() finds with DH parameters with an excessively long modulus is that the modulus is too large. We should not be perf
Add a test for CVE-2023-3446 Confirm that the only errors DH_check() finds with DH parameters with an excessively long modulus is that the modulus is too large. We should not be performing time consuming checks using that modulus. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21451)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
59d3fd1c |
| 13-Jan-2022 |
Tomas Mraz |
dhtest: Add testcase for EVP_PKEY_CTX_set_dh_nid And a negative testcase for EVP_PKEY_CTX_set_dhx_rfc5114 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://githu
dhtest: Add testcase for EVP_PKEY_CTX_set_dh_nid And a negative testcase for EVP_PKEY_CTX_set_dhx_rfc5114 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17498)
show more ...
|
#
09d91264 |
| 27-Oct-2021 |
Phil Mesnier |
Fix for a segv interrupt that occurs when fix_dh_rfc5114 is called with ctx->p2 being a null pointer. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openss
Fix for a segv interrupt that occurs when fix_dh_rfc5114 is called with ctx->p2 being a null pointer. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16913) (cherry picked from commit 07e6c857364770f6e986b5d8ceb9fbe296f3c6d0)
show more ...
|
#
1287dabd |
| 26-Oct-2021 |
x2018 |
fix some code with obvious wrong coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org
fix some code with obvious wrong coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16918)
show more ...
|
#
98431c43 |
| 28-Jun-2021 |
Pauli |
dh_test: fix coverity 1473239 Argument cannot be negative (NEGATIVE_RETURNS) Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15943)
|
#
1c49be86 |
| 10-Jun-2021 |
Shane Lontis |
Fix DH/DHX named groups to not overwrite the private key length. The only reason(s) the DH private key length should be set are: (1) The user sets it during key generation via EVP_PKEY_C
Fix DH/DHX named groups to not overwrite the private key length. The only reason(s) the DH private key length should be set are: (1) The user sets it during key generation via EVP_PKEY_CTX_set_params using OSSL_PKEY_PARAM_DH_PRIV_LEN. (2) When loading a PKCS3 (DH) key the optional value 'privateValueLength' is set. Now that the named groups contain a value for 'q' there is no reason to automatically overwrite the private key length. Issue detected by @davidmakepeace Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15695)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k |
|
#
89f7ea04 |
| 19-Mar-2021 |
Pauli |
test: fix coverity 1473234 & 1473239: argument cannot be negative Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14620)
|
#
014498ff |
| 04-Apr-2021 |
Pauli |
test: fix coverity 1475940: negative return Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14769)
|
#
97ef45ea |
| 04-Apr-2021 |
Pauli |
test: fix coverity 1475941: resource leak Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14769)
|
#
e454a393 |
| 29-Mar-2021 |
Shane Lontis |
Add a range check (from SP800-56Ar3) to DH key derivation. Fixes #14401 Note that this moves the public key check out of DH compute_key() since key validation does not belong in
Add a range check (from SP800-56Ar3) to DH key derivation. Fixes #14401 Note that this moves the public key check out of DH compute_key() since key validation does not belong inside this primitive.. The check has been moved to the EVP_PKEY_derive_set_peer() function so that it generally applies to all exchange operations.. Use EVP_PKEY_derive_set_peer_ex() to disable this behaviour. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14717)
show more ...
|
Revision tags: openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1 |
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
Revision tags: OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
55f02cb6 |
| 06-Mar-2020 |
Shane Lontis |
Change DH_get_nid() to set the value of q if it is not already set Fixes #11108. It only sets q if a valid named group is found. The function signature was recently changed to p
Change DH_get_nid() to set the value of q if it is not already set Fixes #11108. It only sets q if a valid named group is found. The function signature was recently changed to pass a non const DH pointer in order to allow the nid to be cached internally. As an extension of this the value of q can now also be set as q is always known for named groups. The length field is also set if q is set. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11114)
show more ...
|
#
ada66e78 |
| 03-Feb-2020 |
Pauli |
Deprecate the low level Diffie-Hellman functions. Use of the low level DH functions has been informally discouraged for a long time. We now formally deprecate them. Reviewed-by
Deprecate the low level Diffie-Hellman functions. Use of the low level DH functions has been informally discouraged for a long time. We now formally deprecate them. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11024)
show more ...
|
#
ca2bf555 |
| 30-Jan-2020 |
Shane Lontis |
Add support for DH 'modp' group parameters (RFC 3526) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10897)
|
Revision tags: OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
#
feeb7ecd |
| 06-Sep-2019 |
Bernd Edlinger |
Check the DH modulus bit length The check was missing in DH_check and DH_check_params. [extended tests] Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https
Check the DH modulus bit length The check was missing in DH_check and DH_check_params. [extended tests] Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9796)
show more ...
|
#
6de1fe90 |
| 22-Jul-2019 |
Bernd Edlinger |
Enforce a minimum DH modulus size of 512 bits [extended tests] Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9437)
|
#
a38c878c |
| 10-Jul-2019 |
Bernd Edlinger |
Change DH parameters to generate the order q subgroup instead of 2q This avoids leaking bit 0 of the private key. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by:
Change DH parameters to generate the order q subgroup instead of 2q This avoids leaking bit 0 of the private key. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/9363)
show more ...
|
#
68756b12 |
| 30-Jun-2019 |
Antoine Cœur |
Fix Typos CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@
Fix Typos CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9275)
show more ...
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
909f1a2e |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in test/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7767)
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1 |
|
#
9ba9d81b |
| 09-Sep-2018 |
Dr. Matthias St. Pierre |
test/dhtest.c: fix resource leak Reported by Coverity Scan (CID 1439136) [extended tests] Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@open
test/dhtest.c: fix resource leak Reported by Coverity Scan (CID 1439136) [extended tests] Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7155)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7 |
|
#
83cf7abf |
| 29-May-2018 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6371)
|
#
8a59c085 |
| 17-May-2018 |
Dr. Matthias St. Pierre |
DH: add some basic tests (and comments) Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6273)
|