[openssl/openssl] ddb13b: Use as small dh key size as possible to support th...

Tomas Mraz noreply at reply.github.openssl.org
Mon Jul 18 07:08:10 UTC 2022


  Branch: refs/heads/master
  Home:   https://github.openssl.org/openssl/openssl
  Commit: ddb13b283be84d771deba1e964610b1670641f03
      https://github.openssl.org/openssl/openssl/commit/ddb13b283be84d771deba1e964610b1670641f03
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
    M CHANGES.md
    M crypto/dh/dh_gen.c
    M crypto/dh/dh_group_params.c
    M crypto/ffc/ffc_backend.c
    M crypto/ffc/ffc_dh.c
    M crypto/ffc/ffc_key_generate.c
    M include/internal/ffc.h
    M test/ffc_internal_test.c

  Log Message:
  -----------
  Use as small dh key size as possible to support the security

Longer private key sizes unnecessarily raise the cycles needed to
compute the shared secret without any increase of the real security.

We use minimum key sizes as defined in RFC7919.

For arbitrary parameters we cannot know whether they are safe
primes (we could test but that would be too inefficient) we have
to keep generating large keys.

However we now set a small dh->length when we are generating safe prime
parameters because we know it is safe to use small keys with them.

That means users need to regenerate the parameters if they
want to take the performance advantage of small private key.

Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)


  Commit: ff54094cb9e1e5033f6e3e72717e741cf24f5c29
      https://github.openssl.org/openssl/openssl/commit/ff54094cb9e1e5033f6e3e72717e741cf24f5c29
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
    M providers/implementations/encode_decode/encode_key2text.c
    M test/recipes/30-test_evp_pkey_provided/DH.priv.txt
    M test/recipes/30-test_evp_pkey_provided/DH.pub.txt

  Log Message:
  -----------
  dh_to_text: Print the dh->length if set

Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)


  Commit: 2b11a8ecc8ed1355b99a6d88b8e7e7a75a67bd0a
      https://github.openssl.org/openssl/openssl/commit/2b11a8ecc8ed1355b99a6d88b8e7e7a75a67bd0a
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
    M test/recipes/20-test_dhparam.t

  Log Message:
  -----------
  dhparam_test: Test that we add private key length on generation and print it

Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)


  Commit: 2885b2ca4eee5586baa50208e41a1ca54532eb3a
      https://github.openssl.org/openssl/openssl/commit/2885b2ca4eee5586baa50208e41a1ca54532eb3a
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
    M doc/man1/openssl-dhparam.pod.in

  Log Message:
  -----------
  dhparam: Correct the documentation of -dsaparam

Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)


  Commit: 2266d1cad008ef03cb0791397b1cca9aaa6a4428
      https://github.openssl.org/openssl/openssl/commit/2266d1cad008ef03cb0791397b1cca9aaa6a4428
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
    M test/evp_extra_test2.c

  Log Message:
  -----------
  Test that we generate a short private key for known DH prime

Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)


  Commit: 5f311b10ab3dd6417a3247c62b4ec072751459db
      https://github.openssl.org/openssl/openssl/commit/5f311b10ab3dd6417a3247c62b4ec072751459db
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
    M crypto/ffc/ffc_params.c
    M test/ffc_internal_test.c

  Log Message:
  -----------
  ossl_ffc_params_copy: Copy the keylength too

Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)


Compare: https://github.openssl.org/openssl/openssl/compare/358103b4a651...5f311b10ab3d


More information about the openssl-commits mailing list