[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Wed Jun 1 12:20:28 UTC 2016
The branch master has been updated
via 1d54ef340864507c1b6e86238183ab4cbc7423aa (commit)
via eeb21772effdd385e44eed547d717f171487987e (commit)
from b2b361f6afb55c501bedef664c1fdc0d71a91d4b (commit)
- Log -----------------------------------------------------------------
commit 1d54ef340864507c1b6e86238183ab4cbc7423aa
Author: Matt Caswell <matt at openssl.org>
Date: Fri May 27 13:55:47 2016 +0100
Fix printing of DH Parameters
The -text argument to dhparam is broken, because the DHparams_print()
function always returns an error. The problem is that always expects a
public or private key to be present, even though that is never the case
with parameters.
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit eeb21772effdd385e44eed547d717f171487987e
Author: Matt Caswell <matt at openssl.org>
Date: Fri May 27 13:26:03 2016 +0100
Add dhparam sanity check and update DH_check documentation
The -check argument to dhparam should never identify any problems if we
have just generated the parameters. Add a sanity check for this and print
an error and fail if necessary.
Also updates the documentation for the -check argument, and the DH_check()
function.
RT#4244
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/dhparam.c | 25 +++++++++++++++----
crypto/dh/dh_ameth.c | 3 ++-
doc/apps/dhparam.pod | 3 ++-
doc/crypto/DH_generate_parameters.pod | 46 ++++++++++++++++++++++++++---------
4 files changed, 59 insertions(+), 18 deletions(-)
diff --git a/apps/dhparam.c b/apps/dhparam.c
index 350dd28..f86e315 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -270,15 +270,30 @@ int dhparam_main(int argc, char **argv)
goto end;
}
if (i & DH_CHECK_P_NOT_PRIME)
- printf("p value is not prime\n");
+ BIO_printf(bio_err, "WARNING: p value is not prime\n");
if (i & DH_CHECK_P_NOT_SAFE_PRIME)
- printf("p value is not a safe prime\n");
+ BIO_printf(bio_err, "WARNING: p value is not a safe prime\n");
+ if (i & DH_CHECK_Q_NOT_PRIME)
+ BIO_printf(bio_err, "WARNING: q value is not a prime\n");
+ if (i & DH_CHECK_INVALID_Q_VALUE)
+ BIO_printf(bio_err, "WARNING: q value is invalid\n");
+ if (i & DH_CHECK_INVALID_J_VALUE)
+ BIO_printf(bio_err, "WARNING: j value is invalid\n");
if (i & DH_UNABLE_TO_CHECK_GENERATOR)
- printf("unable to check the generator value\n");
+ BIO_printf(bio_err,
+ "WARNING: unable to check the generator value\n");
if (i & DH_NOT_SUITABLE_GENERATOR)
- printf("the g value is not a generator\n");
+ BIO_printf(bio_err, "WARNING: the g value is not a generator\n");
if (i == 0)
- printf("DH parameters appear to be ok.\n");
+ BIO_printf(bio_err, "DH parameters appear to be ok.\n");
+ if (num != 0 && i != 0) {
+ /*
+ * We have generated parameters but DH_check() indicates they are
+ * invalid! This should never happen!
+ */
+ BIO_printf(bio_err, "ERROR: Invalid parameters generated\n");
+ goto end;
+ }
}
if (C) {
unsigned char *data;
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index b7b3717..78aea36 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -280,7 +280,8 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype)
else
pub_key = NULL;
- if (priv_key == NULL && pub_key == NULL) {
+ if (x->p == NULL || (ptype == 2 && priv_key == NULL)
+ || (ptype > 0 && pub_key == NULL)) {
reason = ERR_R_PASSED_NULL_PARAMETER;
goto err;
}
diff --git a/doc/apps/dhparam.pod b/doc/apps/dhparam.pod
index 63cc0d3..addd88a 100644
--- a/doc/apps/dhparam.pod
+++ b/doc/apps/dhparam.pod
@@ -72,7 +72,8 @@ avoid small-subgroup attacks that may be possible otherwise.
=item B<-check>
-check if the parameters are valid primes and generator.
+Performs numerous checks to see if the supplied parameters are valid and
+displays a warning if not.
=item B<-2>, B<-5>
diff --git a/doc/crypto/DH_generate_parameters.pod b/doc/crypto/DH_generate_parameters.pod
index 71fa436..8970aae 100644
--- a/doc/crypto/DH_generate_parameters.pod
+++ b/doc/crypto/DH_generate_parameters.pod
@@ -37,12 +37,41 @@ number is generated, and when a prime has been found, B<BN_GENCB_call(cb, 3, 0)>
is called. See L<BN_generate_prime(3)> for information on
the BN_GENCB_call() function.
-DH_check() validates Diffie-Hellman parameters. It checks that B<p> is
-a safe prime, and that B<g> is a suitable generator. In the case of an
-error, the bit flags DH_CHECK_P_NOT_SAFE_PRIME or
-DH_NOT_SUITABLE_GENERATOR are set in B<*codes>.
-DH_UNABLE_TO_CHECK_GENERATOR is set if the generator cannot be
-checked, i.e. it does not equal 2 or 5.
+DH_check() confirms that the Diffie-Hellman parameters B<dh> are valid. The
+value of B<*codes> is updated with any problems found. If B<*codes> is zero then
+no problems were found, otherwise the following bits may be set:
+
+=over 4
+
+=item DH_CHECK_P_NOT_PRIME
+
+The parameter B<p> is not prime.
+
+=item DH_CHECK_P_NOT_SAFE_PRIME
+
+The parameter B<p> is not a safe prime and no B<q> value is present.
+
+=item DH_UNABLE_TO_CHECK_GENERATOR
+
+The generator B<g> cannot be checked for suitability.
+
+=item DH_NOT_SUITABLE_GENERATOR
+
+The generator B<g> is not suitable.
+
+=item DH_CHECK_Q_NOT_PRIME
+
+The parameter B<q> is not prime.
+
+=item DH_CHECK_INVALID_Q_VALUE
+
+The parameter B<q> is invalid.
+
+=item DH_CHECK_INVALID_J_VALUE
+
+The parameter B<j> is invalid.
+
+=back
=head1 RETURN VALUES
@@ -62,11 +91,6 @@ hours before finding a suitable prime.
The parameters generated by DH_generate_parameters_ex() and DH_generate_parameters()
are not to be used in signature schemes.
-=head1 BUGS
-
-If B<generator> is not 2 or 5, B<dh-E<gt>g>=B<generator> is not
-a usable generator.
-
=head1 SEE ALSO
L<dh(3)>, L<ERR_get_error(3)>, L<rand(3)>,
More information about the openssl-commits
mailing list