root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity
32,475 Commits 32 Branches 398 Tags 545 MiB
Commit Graph

8 Commits

Author SHA1 Message Date
Tomas Mraz 65b41ab319 Properly document deprecation of DH_new() and related functions 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18925)
 2022-08-04 10:58:35 +01:00
Matt Caswell 3dbf824380 Clarify the deprecation warnings in the docs 
There was recently an instance where a user was confused by the
deprecation warnings in the docs. They believed the warning applied to
the immediately preceding function declarations, when it fact it applied
to the following function declarations.

https://mta.openssl.org/pipermail/openssl-users/2021-December/014665.html

We clarify the wording to make it clear that the warning applies to the
following functions.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17180)
 2021-12-06 11:23:34 +00:00
Shane Lontis 738ee1819e Fix DH_get_nid() so that it does not cache values. 
DH_set0_pqg() is now responsible for caching the nid, q and length.

DH with or without named safe prime groups now default to using the maximum private key length (BN_num_bits(q) - 1)
when generating a DH private key. The code is now shared between fips and non fips mode for DH key generation.

The OSSL_PKEY_PARAM_DH_PRIV_LEN parameter can be used during keygen to override the maximum private key length to be
in the range (2 * strength ... bits(q) - 1). Where the strength depends on the length of p.

Added q = (p - 1) / 2 safe prime BIGNUMS so that the code is data driven (To simplify adding new names).
The BIGNUMS were code generated.

Fix error in documented return value for DH_get_nid

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11562)
 2020-04-20 11:07:38 +10:00
Shane Lontis 55f02cb684 Change DH_get_nid() to set the value of q if it is not already set 
Fixes #11108.

It only sets q if a valid named group is found.
The function signature was recently changed to pass a non const DH pointer
in order to allow the nid to be cached internally. As an extension of this
the value of q can now also be set as q is always known for named groups.
The length field is also set if q is set.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11114)
 2020-03-07 07:47:58 +10:00
Pauli ada66e78ef Deprecate the low level Diffie-Hellman functions. 
Use of the low level DH functions has been informally discouraged for a
long time.  We now formally deprecate them.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11024)
 2020-02-20 19:04:57 +10:00
Shane Lontis ca2bf555cd Add support for DH 'modp' group parameters (RFC 3526) 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10897)
 2020-01-31 08:18:46 +10:00
Richard Levitte 4746f25ac6 Following the license change, modify the boilerplates in doc/man3/ 
[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7829)
 2018-12-06 15:34:13 +01:00
Dr. Stephen Henson 5368bf05ed Add RFC7919 documentation. 
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4485)
 2017-10-12 02:40:30 +01:00