[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Wed Jun 1 12:20:28 UTC 2016

The branch master has been updated
       via  1d54ef340864507c1b6e86238183ab4cbc7423aa (commit)
       via  eeb21772effdd385e44eed547d717f171487987e (commit)
      from  b2b361f6afb55c501bedef664c1fdc0d71a91d4b (commit)

- Log -----------------------------------------------------------------
commit 1d54ef340864507c1b6e86238183ab4cbc7423aa
Author: Matt Caswell <matt at openssl.org>
Date:   Fri May 27 13:55:47 2016 +0100

    Fix printing of DH Parameters
    The -text argument to dhparam is broken, because the DHparams_print()
    function always returns an error. The problem is that always expects a
    public or private key to be present, even though that is never the case
    with parameters.
    Reviewed-by: Richard Levitte <levitte at openssl.org>

commit eeb21772effdd385e44eed547d717f171487987e
Author: Matt Caswell <matt at openssl.org>
Date:   Fri May 27 13:26:03 2016 +0100

    Add dhparam sanity check and update DH_check documentation
    The -check argument to dhparam should never identify any problems if we
    have just generated the parameters. Add a sanity check for this and print
    an error and fail if necessary.
    Also updates the documentation for the -check argument, and the DH_check()
    Reviewed-by: Richard Levitte <levitte at openssl.org>


Summary of changes:
 apps/dhparam.c                        | 25 +++++++++++++++----
 crypto/dh/dh_ameth.c                  |  3 ++-
 doc/apps/dhparam.pod                  |  3 ++-
 doc/crypto/DH_generate_parameters.pod | 46 ++++++++++++++++++++++++++---------
 4 files changed, 59 insertions(+), 18 deletions(-)

diff --git a/apps/dhparam.c b/apps/dhparam.c
index 350dd28..f86e315 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -270,15 +270,30 @@ int dhparam_main(int argc, char **argv)
             goto end;
         if (i & DH_CHECK_P_NOT_PRIME)
-            printf("p value is not prime\n");
+            BIO_printf(bio_err, "WARNING: p value is not prime\n");
         if (i & DH_CHECK_P_NOT_SAFE_PRIME)
-            printf("p value is not a safe prime\n");
+            BIO_printf(bio_err, "WARNING: p value is not a safe prime\n");
+        if (i & DH_CHECK_Q_NOT_PRIME)
+            BIO_printf(bio_err, "WARNING: q value is not a prime\n");
+        if (i & DH_CHECK_INVALID_Q_VALUE)
+            BIO_printf(bio_err, "WARNING: q value is invalid\n");
+        if (i & DH_CHECK_INVALID_J_VALUE)
+            BIO_printf(bio_err, "WARNING: j value is invalid\n");
-            printf("unable to check the generator value\n");
+            BIO_printf(bio_err,
+                       "WARNING: unable to check the generator value\n");
-            printf("the g value is not a generator\n");
+            BIO_printf(bio_err, "WARNING: the g value is not a generator\n");
         if (i == 0)
-            printf("DH parameters appear to be ok.\n");
+            BIO_printf(bio_err, "DH parameters appear to be ok.\n");
+        if (num != 0 && i != 0) {
+            /*
+             * We have generated parameters but DH_check() indicates they are
+             * invalid! This should never happen!
+             */
+            BIO_printf(bio_err, "ERROR: Invalid parameters generated\n");
+            goto end;
+        }
     if (C) {
         unsigned char *data;
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index b7b3717..78aea36 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -280,7 +280,8 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype)
         pub_key = NULL;
-    if (priv_key == NULL && pub_key == NULL) {
+    if (x->p == NULL || (ptype == 2 && priv_key == NULL)
+            || (ptype > 0 && pub_key == NULL)) {
         reason = ERR_R_PASSED_NULL_PARAMETER;
         goto err;
diff --git a/doc/apps/dhparam.pod b/doc/apps/dhparam.pod
index 63cc0d3..addd88a 100644
--- a/doc/apps/dhparam.pod
+++ b/doc/apps/dhparam.pod
@@ -72,7 +72,8 @@ avoid small-subgroup attacks that may be possible otherwise.
 =item B<-check>
-check if the parameters are valid primes and generator.
+Performs numerous checks to see if the supplied parameters are valid and
+displays a warning if not.
 =item B<-2>, B<-5>
diff --git a/doc/crypto/DH_generate_parameters.pod b/doc/crypto/DH_generate_parameters.pod
index 71fa436..8970aae 100644
--- a/doc/crypto/DH_generate_parameters.pod
+++ b/doc/crypto/DH_generate_parameters.pod
@@ -37,12 +37,41 @@ number is generated, and when a prime has been found, B<BN_GENCB_call(cb, 3, 0)>
 is called. See L<BN_generate_prime(3)> for information on
 the BN_GENCB_call() function.
-DH_check() validates Diffie-Hellman parameters. It checks that B<p> is
-a safe prime, and that B<g> is a suitable generator. In the case of an
-error, the bit flags DH_CHECK_P_NOT_SAFE_PRIME or
-DH_NOT_SUITABLE_GENERATOR are set in B<*codes>.
-DH_UNABLE_TO_CHECK_GENERATOR is set if the generator cannot be
-checked, i.e. it does not equal 2 or 5.
+DH_check() confirms that the Diffie-Hellman parameters B<dh> are valid. The
+value of B<*codes> is updated with any problems found. If B<*codes> is zero then
+no problems were found, otherwise the following bits may be set:
+=over 4
+The parameter B<p> is not prime.
+The parameter B<p> is not a safe prime and no B<q> value is present.
+The generator B<g> cannot be checked for suitability.
+The generator B<g> is not suitable.
+The parameter B<q> is not prime.
+The parameter B<q> is invalid.
+The parameter B<j> is invalid.
@@ -62,11 +91,6 @@ hours before finding a suitable prime.
 The parameters generated by DH_generate_parameters_ex() and DH_generate_parameters()
 are not to be used in signature schemes.
-=head1 BUGS
-If B<generator> is not 2 or 5, B<dh-E<gt>g>=B<generator> is not
-a usable generator.
 =head1 SEE ALSO
 L<dh(3)>, L<ERR_get_error(3)>, L<rand(3)>,

More information about the openssl-commits mailing list