Check the modulus bit length #9796
Closed
bernd-edlinger wants to merge 3 commits into openssl:master from
31617c6 to 9a60820
The check was missing in DH_check and DH_check_params. [extended tests]
so results were undefined.
758c44c to fc0f536
paulidale reviewed Sep 9, 2019
paulidale approved these changes Sep 9, 2019
Contributor paulidale left a comment
Looks good, just one query about clearing the pub_key field when freeing. It looks odd.
Member
Author
Member
Is this for master only? If not, it should be labeled appropriately UPDATE: oh...
Member
Author
Yes, sorry for confusion, but whenever I look somewhere, something comes up.
Contributor
I'm okay with cherry picking the changes.
levitte pushed a commit that referenced this pull request Sep 9, 2019
The check was missing in DH_check and DH_check_params. [extended tests] Reviewed-by: Paul Dale <[email protected]> (Merged from #9796)
levitte pushed a commit that referenced this pull request Sep 9, 2019
Reviewed-by: Paul Dale <[email protected]> (Merged from #9796)
levitte pushed a commit that referenced this pull request Sep 9, 2019
so results were undefined. Reviewed-by: Paul Dale <[email protected]> (Merged from #9796)
levitte pushed a commit that referenced this pull request Sep 9, 2019
so results were undefined. Reviewed-by: Paul Dale <[email protected]> (Merged from #9796) (cherry picked from commit 2b95e8e)
levitte pushed a commit that referenced this pull request Sep 9, 2019
Reviewed-by: Paul Dale <[email protected]> (Merged from #9796) (cherry picked from commit fa01370)
levitte pushed a commit that referenced this pull request Sep 9, 2019
Reviewed-by: Paul Dale <[email protected]> (Merged from #9796) (cherry picked from commit fa01370)
Member
Author
Merged to all branches where applicable, cherry-pick for 1.0.2 did fail,
mattcaswell added a commit to mattcaswell/openssl that referenced this pull request Mar 4, 2021
The dh_test was failing because we now enforce a lower bound on the modulus size that may be used. A number of locations in dhtest.c were assuming that a very small modulus is valid. A 512 bit lower bound was introduced by PR openssl#9437 (commit 6de1fe9) and subsequently amended by PR openssl#9796 (commit feeb7ec). The CHANGES entry says this: * Enforce a minimum DH modulus size of 512 bits.
levitte pushed a commit to levitte/openssl that referenced this pull request Mar 4, 2021
The dh_test was failing because we now enforce a lower bound on the modulus size that may be used. A number of locations in dhtest.c were assuming that a very small modulus is valid. A 512 bit lower bound was introduced by PR openssl#9437 (commit 6de1fe9) and subsequently amended by PR openssl#9796 (commit feeb7ec). The CHANGES entry says this: * Enforce a minimum DH modulus size of 512 bits.
The check was missing in DH_check and DH_check_params.
DH_check_pub_key_ex was accidentally calling DH_check,
so results were undefined.
[extended tests]
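
An added example (not OpenSSL's code and not part of this pull request) of a modulus size check of the kind the description refers to: it measures the modulus in bits rather than bytes, so a value with leading zero bytes or a low top byte cannot pass a 512-bit minimum. The `EX_` names, both functions and the caller-chosen `max_bits` upper bound are assumptions of this example; only the 512-bit minimum comes from the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; only the 512-bit minimum is from the page. */
#define EX_MIN_MODULUS_BITS  512
#define EX_MODULUS_TOO_SMALL 0x1
#define EX_MODULUS_TOO_LARGE 0x2

/* Exact bit length of a big-endian unsigned integer. Leading zero bytes
 * (such as the 0x00 sign pad of a DER INTEGER) are ignored; zero has length 0. */
static size_t modulus_bits(const uint8_t *p, size_t len)
{
    size_t i = 0;
    while (i < len && p[i] == 0)
        i++;
    if (i == len)
        return 0;
    size_t bits = (len - i) * 8;
    /* p[i] is non-zero here, so this loop always terminates. */
    for (uint8_t top = p[i]; !(top & 0x80); top <<= 1)
        bits--;
    return bits;
}

/* Returns a flag set; 0 means the size lies in [EX_MIN_MODULUS_BITS, max_bits].
 * max_bits is a caller-chosen upper bound (an assumption of this example). */
static int check_modulus_size(const uint8_t *p, size_t len, size_t max_bits)
{
    size_t bits = modulus_bits(p, len);
    int flags = 0;
    if (bits < EX_MIN_MODULUS_BITS)
        flags |= EX_MODULUS_TOO_SMALL;
    if (bits > max_bits)
        flags |= EX_MODULUS_TOO_LARGE;
    return flags;
}

int main(void)
{
    uint8_t p[65];                  /* constructed sample bytes, not a real prime */
    memset(p, 0xff, sizeof(p));
    p[0] = 0x00; p[1] = 0x80;       /* pad byte, then top bit set: exactly 512 bits */
    printf("512-bit: flags=%d\n", check_modulus_size(p, sizeof(p), 10000));
    p[1] = 0x01;                    /* still 64 value bytes, but only 505 bits */
    printf("505-bit: flags=%d\n", check_modulus_size(p, sizeof(p), 10000));
    return 0;
}
```

A check based on byte count alone would treat both sample values as 512 bits or more; counting bits rejects the second one.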