Allow DH_set0_key with only private key. #4384
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The pub_key field for DH isn't actually used in DH_compute_key at all. (Note the peer public key is passed in as as BIGNUM.) It's mostly there so the caller may extract it from DH_generate_key. It doesn't particularly need to be present if filling in a DH from external parameters. The check in DH_set0_key conflicts with adding OpenSSL 1.1.0 to Node. Their public API is a thin wrapper over the old OpenSSL one: https://nodejs.org/api/crypto.html#crypto_class_diffiehellman They have separate setPrivateKey and setPublicKey methods, so the public key may be set last or not at all. In 1.0.2, either worked fine since operations on DH objects generally didn't use the public key. (Like with OpenSSL, Node's setPublicKey method is also largely a no-op, but so it goes.) In 1.1.0, DH_set0_key prevents create a private-key-only DH object.
dot-asm
approved these changes
Sep 19, 2017
dot-asm
added
the
approval: review pending
bernd-edlinger
approved these changes
Sep 25, 2017
richsalz
approved these changes
Sep 26, 2017
richsalz
added
approval: done
Contributor
|
let me know if you want me to merge anyone :) |
levitte
pushed a commit
that referenced
this pull request
Sep 26, 2017
The pub_key field for DH isn't actually used in DH_compute_key at all. (Note the peer public key is passed in as as BIGNUM.) It's mostly there so the caller may extract it from DH_generate_key. It doesn't particularly need to be present if filling in a DH from external parameters. The check in DH_set0_key conflicts with adding OpenSSL 1.1.0 to Node. Their public API is a thin wrapper over the old OpenSSL one: https://nodejs.org/api/crypto.html#crypto_class_diffiehellman They have separate setPrivateKey and setPublicKey methods, so the public key may be set last or not at all. In 1.0.2, either worked fine since operations on DH objects generally didn't use the public key. (Like with OpenSSL, Node's setPublicKey method is also largely a no-op, but so it goes.) In 1.1.0, DH_set0_key prevents create a private-key-only DH object. Reviewed-by: Andy Polyakov <[email protected]> Reviewed-by: Rich Salz <[email protected]> Reviewed-by: Bernd Edlinger <[email protected]> (Merged from #4384)
Member
|
Merged to master. Thanks! |
Contributor
Author
|
Thanks! If this could be cherry-picked to 1.1.0, that would be nice. Otherwise some projects may have a hard fine switching to 1.1.0. |
Member
|
@davidben I think there are conflicts so our merge script does not seem work. |
Contributor
|
the cherry-pick should work, you'll just have to manual fix the manpage (remove the man3 one and port it to the crypto dir). i approve that if you want. |
Member
|
I think the test case does also not work without manual fix... |
Contributor
|
Oh yeah. You can ignore the test case. |
Member
|
Ooookay for me, @dot-asm are you OK with this? |
2 tasks
Contributor
Author
|
Here is a merge with test case and all: #4425 |
agl
pushed a commit
to google/boringssl
that referenced
this pull request
Sep 29, 2017
Although we are derived from 1.0.2, we mimic 1.1.0 in some ways around our FOO_up_ref functions and opaque libssl types. This causes some difficulties when porting third-party code as any OPENSSL_VERSION_NUMBER checks for 1.1.0 APIs we have will be wrong. Moreover, adding accessors without changing OPENSSL_VERSION_NUMBER can break external projects. It is common to implement a compatibility version of an accessor under #ifdef as a static function. This then conflicts with our headers if we, unlike OpenSSL 1.0.2, have this function. This change switches OPENSSL_VERSION_NUMBER to 1.1.0 and atomically adds enough accessors for software with 1.1.0 support already. The hope is this will unblock hiding SSL_CTX and SSL_SESSION, which will be especially useful with C++-ficiation. The cost is we will hit some growing pains as more 1.1.0 consumers enter the ecosystem and we converge on the right set of APIs to import from upstream. It does not remove any 1.0.2 APIs, so we will not require that all projects support 1.1.0. The exception is APIs which changed in 1.1.0 but did not change the function signature. Those are breaking changes. Specifically: - SSL_CTX_sess_set_get_cb is now const-correct. - X509_get0_signature is now const-correct. For C++ consumers only, this change temporarily includes an overload hack for SSL_CTX_sess_set_get_cb that keeps the old callback working. This is a workaround for Node not yet supporting OpenSSL 1.1.0. The version number is set at (the as yet unreleased) 1.1.0g to denote that this change includes openssl/openssl#4384. Bug: 91 Change-Id: I5eeb27448a6db4c25c244afac37f9604d9608a76 Reviewed-on: https://boringssl-review.googlesource.com/10340 Commit-Queue: David Benjamin <[email protected]> CQ-Verified: CQ bot account: [email protected] <[email protected]> Reviewed-by: Adam Langley <[email protected]>
3 tasks
davidben
added a commit
to davidben/node
that referenced
this pull request
Nov 2, 2017
Add a regression test for openssl/openssl#4384.
davidben
added a commit
to davidben/node
that referenced
this pull request
Nov 2, 2017
Parts of this were cherry-picked from PR nodejs#8491. Note that this only works with OpenSSL 1.0.2 or 1.1.0g or later. 1.1.0g is, as of writing, not yet released, but the fix is on the branch. See openssl/openssl#4384.
rvagg
pushed a commit
to nodejs/node
that referenced
this pull request
Nov 11, 2017
Add a regression test for openssl/openssl#4384. PR-URL: #16130 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
rvagg
pushed a commit
to nodejs/node
that referenced
this pull request
Nov 11, 2017
Parts of this were cherry-picked from PR #8491. Note that this only works with OpenSSL 1.0.2 or 1.1.0g or later. 1.1.0g is, as of writing, not yet released, but the fix is on the branch. See openssl/openssl#4384. PR-URL: #16130 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
evanlucas
pushed a commit
to nodejs/node
that referenced
this pull request
Nov 13, 2017
Add a regression test for openssl/openssl#4384. PR-URL: #16130 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
evanlucas
pushed a commit
to nodejs/node
that referenced
this pull request
Nov 13, 2017
Parts of this were cherry-picked from PR #8491. Note that this only works with OpenSSL 1.0.2 or 1.1.0g or later. 1.1.0g is, as of writing, not yet released, but the fix is on the branch. See openssl/openssl#4384. PR-URL: #16130 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
MylesBorins
pushed a commit
to MylesBorins/node
that referenced
this pull request
Feb 7, 2018
Add a regression test for openssl/openssl#4384. PR-URL: nodejs#16130 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
MylesBorins
pushed a commit
to MylesBorins/node
that referenced
this pull request
Feb 7, 2018
Parts of this were cherry-picked from PR nodejs#8491. Note that this only works with OpenSSL 1.0.2 or 1.1.0g or later. 1.1.0g is, as of writing, not yet released, but the fix is on the branch. See openssl/openssl#4384. PR-URL: nodejs#16130 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
MylesBorins
pushed a commit
to nodejs/node
that referenced
this pull request
Feb 7, 2018
Add a regression test for openssl/openssl#4384. PR-URL: #16130 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
MylesBorins
pushed a commit
to nodejs/node
that referenced
this pull request
Feb 7, 2018
Parts of this were cherry-picked from PR #8491. Note that this only works with OpenSSL 1.0.2 or 1.1.0g or later. 1.1.0g is, as of writing, not yet released, but the fix is on the branch. See openssl/openssl#4384. PR-URL: #16130 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
MylesBorins
pushed a commit
to MylesBorins/node
that referenced
this pull request
Feb 7, 2018
Add a regression test for openssl/openssl#4384. PR-URL: nodejs#16130 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
MylesBorins
pushed a commit
to MylesBorins/node
that referenced
this pull request
Feb 7, 2018
Parts of this were cherry-picked from PR nodejs#8491. Note that this only works with OpenSSL 1.0.2 or 1.1.0g or later. 1.1.0g is, as of writing, not yet released, but the fix is on the branch. See openssl/openssl#4384. PR-URL: nodejs#16130 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
gibfahn
pushed a commit
to nodejs/node
that referenced
this pull request
Feb 18, 2018
Add a regression test for openssl/openssl#4384. PR-URL: #16130 Backport-PR-URL: #18622 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
gibfahn
pushed a commit
to nodejs/node
that referenced
this pull request
Feb 18, 2018
Parts of this were cherry-picked from PR #8491. Note that this only works with OpenSSL 1.0.2 or 1.1.0g or later. 1.1.0g is, as of writing, not yet released, but the fix is on the branch. See openssl/openssl#4384. PR-URL: #16130 Backport-PR-URL: #18622 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
FelixWolf
pushed a commit
to openuruunofficial/MOSS
that referenced
this pull request
Mar 20, 2019
Newer builds are leaving out SHA-0 support. Handle this by including a basic from-scratch implementation coded directly from FIPS180-1 (which does describe the changes between SHA and SHA-1). Since the difference was trivial a basic SHA-1 implemenatation is included as well. A basic test is included too. OpenSSL 1.1.0 makes the DH data structure opaque with accessors. Furthermore, the file handle *_fp functions are not always built either. Address these problems by rewriting all the Cyan-style DH file reading and writing code to use BIO and to use the DH accessors. Also, work around OpenSSL mistakenly requiring a public key for DH, see also openssl/openssl#4384 Fix up all the OpenSSL-related build code. The autoconf macro was not properly handling the move of functionality from libssl to libcrypto. It now also separately checks for SHA and RC4 (because the latter is surely next to go). Add configure flags for each of these and fix up all the #includes and #ifdefs. For test programs use the in-tree SHA/SHA-1 unconditionally (it's simpler to do this), presuming the OpenSSL one is better (though it is not too critical in the actual server either). --HG-- branch : de-bitrot-2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
(@shigeki FYI)
The pub_key field for DH isn't actually used in DH_compute_key at all.
(Note the peer public key is passed in as as BIGNUM.) It's mostly there
so the caller may extract it from DH_generate_key. It doesn't
particularly need to be present if filling in a DH from external
parameters.
The check in DH_set0_key conflicts with adding OpenSSL 1.1.0 to Node.
Their public API is a thin wrapper over the old OpenSSL one:
https://nodejs.org/api/crypto.html#crypto_class_diffiehellman
They have separate setPrivateKey and setPublicKey methods, so the public
key may be set last or not at all. In 1.0.2, either worked fine since
operations on DH objects generally didn't use the public key. (Like
with OpenSSL, Node's setPublicKey method is also largely a no-op, but so
it goes.) In 1.1.0, DH_set0_key prevents create a private-key-only DH
object.
Checklist