From: Matt Caswell Date: Fri, 27 May 2016 12:26:03 +0000 (+0100) Subject: Add dhparam sanity check and update DH_check documentation X-Git-Tag: OpenSSL_1_1_0-pre6~626 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=eeb21772effdd385e44eed547d717f171487987e;p=oweals%2Fopenssl.git Add dhparam sanity check and update DH_check documentation The -check argument to dhparam should never identify any problems if we have just generated the parameters. Add a sanity check for this and print an error and fail if necessary. Also updates the documentation for the -check argument, and the DH_check() function. RT#4244 Reviewed-by: Richard Levitte --- diff --git a/apps/dhparam.c b/apps/dhparam.c index 350dd28196..f86e315599 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -270,15 +270,30 @@ int dhparam_main(int argc, char **argv) goto end; } if (i & DH_CHECK_P_NOT_PRIME) - printf("p value is not prime\n"); + BIO_printf(bio_err, "WARNING: p value is not prime\n"); if (i & DH_CHECK_P_NOT_SAFE_PRIME) - printf("p value is not a safe prime\n"); + BIO_printf(bio_err, "WARNING: p value is not a safe prime\n"); + if (i & DH_CHECK_Q_NOT_PRIME) + BIO_printf(bio_err, "WARNING: q value is not a prime\n"); + if (i & DH_CHECK_INVALID_Q_VALUE) + BIO_printf(bio_err, "WARNING: q value is invalid\n"); + if (i & DH_CHECK_INVALID_J_VALUE) + BIO_printf(bio_err, "WARNING: j value is invalid\n"); if (i & DH_UNABLE_TO_CHECK_GENERATOR) - printf("unable to check the generator value\n"); + BIO_printf(bio_err, + "WARNING: unable to check the generator value\n"); if (i & DH_NOT_SUITABLE_GENERATOR) - printf("the g value is not a generator\n"); + BIO_printf(bio_err, "WARNING: the g value is not a generator\n"); if (i == 0) - printf("DH parameters appear to be ok.\n"); + BIO_printf(bio_err, "DH parameters appear to be ok.\n"); + if (num != 0 && i != 0) { + /* + * We have generated parameters but DH_check() indicates they are + * invalid! This should never happen! + */ + BIO_printf(bio_err, "ERROR: Invalid parameters generated\n"); + goto end; + } } if (C) { unsigned char *data; diff --git a/doc/apps/dhparam.pod b/doc/apps/dhparam.pod index 63cc0d372b..addd88a540 100644 --- a/doc/apps/dhparam.pod +++ b/doc/apps/dhparam.pod @@ -72,7 +72,8 @@ avoid small-subgroup attacks that may be possible otherwise. =item B<-check> -check if the parameters are valid primes and generator. +Performs numerous checks to see if the supplied parameters are valid and +displays a warning if not. =item B<-2>, B<-5> diff --git a/doc/crypto/DH_generate_parameters.pod b/doc/crypto/DH_generate_parameters.pod index 71fa4363d4..8970aae444 100644 --- a/doc/crypto/DH_generate_parameters.pod +++ b/doc/crypto/DH_generate_parameters.pod @@ -37,12 +37,41 @@ number is generated, and when a prime has been found, B is called. See L for information on the BN_GENCB_call() function. -DH_check() validates Diffie-Hellman parameters. It checks that B

is -a safe prime, and that B is a suitable generator. In the case of an -error, the bit flags DH_CHECK_P_NOT_SAFE_PRIME or -DH_NOT_SUITABLE_GENERATOR are set in B<*codes>. -DH_UNABLE_TO_CHECK_GENERATOR is set if the generator cannot be -checked, i.e. it does not equal 2 or 5. +DH_check() confirms that the Diffie-Hellman parameters B are valid. The +value of B<*codes> is updated with any problems found. If B<*codes> is zero then +no problems were found, otherwise the following bits may be set: + +=over 4 + +=item DH_CHECK_P_NOT_PRIME + +The parameter B

is not prime. + +=item DH_CHECK_P_NOT_SAFE_PRIME + +The parameter B

is not a safe prime and no B value is present. + +=item DH_UNABLE_TO_CHECK_GENERATOR + +The generator B cannot be checked for suitability. + +=item DH_NOT_SUITABLE_GENERATOR + +The generator B is not suitable. + +=item DH_CHECK_Q_NOT_PRIME + +The parameter B is not prime. + +=item DH_CHECK_INVALID_Q_VALUE + +The parameter B is invalid. + +=item DH_CHECK_INVALID_J_VALUE + +The parameter B is invalid. + +=back =head1 RETURN VALUES @@ -62,11 +91,6 @@ hours before finding a suitable prime. The parameters generated by DH_generate_parameters_ex() and DH_generate_parameters() are not to be used in signature schemes. -=head1 BUGS - -If B is not 2 or 5, Bg>=B is not -a usable generator. - =head1 SEE ALSO L, L, L,