boringssl/include/openssl
David Benjamin 47ebec1210 Validate DH public keys for RFC 5114 groups.
This is CVE-2016-0701 for OpenSSL, reported by Antonio Sanso. It is a no-op for
us as we'd long removed SSL_OP_DH_SINGLE_USE and static DH cipher suites. (We
also do not parse or generate X9.42 DH parameters.)

However, we do still have the APIs which return RFC 5114 groups, so we should
perform the necessary checks in case later consumers reuse keys.

Unlike groups we generate, RFC 5114 groups do not use "safe primes" and have
many small subgroups. In those cases, the subprime q is available. Before using
a public key, ensure its order is q by checking y^q = 1 (mod p). (q is assumed
to be prime and the existing range checks ensure y is not 1.)

(Imported from upstream's 878e2c5b13010329c203f309ed0c8f2113f85648 and
75374adf8a6ff69d6718952121875a491ed2cd29, but with some bugs fixed. See
RT4278.)

Change-Id: Ib18c3e84819002fa36a127ac12ca00ee33ea018a
Reviewed-on: https://boringssl-review.googlesource.com/7001
Reviewed-by: Adam Langley <agl@google.com>
2016-02-02 16:44:38 +00:00
aead.h Point EVP_aead_chacha20_poly1305 at the standardized version. 2015-12-16 21:22:11 +00:00
aes.h
arm_arch.h
asn1_mac.h
asn1.h Remove ASN1_R_MALLOC_FAILURE. 2015-12-22 00:12:24 +00:00
asn1t.h
base64.h
base.h Fold EC_GROUP_new_curve_GFp and EC_GROUP_set_generator into a EC_GROUP_new_arbitrary. 2016-01-21 22:35:46 +00:00
bio.h Tweaks for node.js 2016-01-26 23:23:42 +00:00
blowfish.h Add decrepit, initially containing CAST and Blowfish. 2015-04-06 16:58:45 -07:00
bn.h Rename the BIGNUM ASN.1 functions. 2016-01-27 22:37:44 +00:00
buf.h Have doc.go parse struct comments. 2016-01-26 23:23:23 +00:00
buffer.h
bytestring.h Rewrite ssl3_send_server_key_exchange to use CBB. 2015-12-22 17:23:58 +00:00
cast.h
chacha.h Change |CRYPTO_chacha_20| to use 96-bit nonces, 32-bit counters. 2015-10-26 23:58:46 +00:00
cipher.h Fix up several comments and detect problems in the future. 2015-11-05 20:12:45 +00:00
cmac.h Style: fix some header guards 2015-10-26 18:47:51 +00:00
conf.h Also add a no-op stub for OPENSSL_config. 2016-01-26 15:48:51 +00:00
cpu.h Allow |CRYPTO_is_NEON_capable| to be known at compile time, if possible. 2015-11-19 00:15:11 +00:00
crypto.h Tweaks for node.js 2016-01-26 23:23:42 +00:00
curve25519.h Update draft-irtf-cfrg-curves-11 references to RFC 7748. 2016-01-28 00:53:26 +00:00
des.h Fix shared library build on OS X. 2015-10-26 23:39:47 +00:00
dh.h Validate DH public keys for RFC 5114 groups. 2016-02-02 16:44:38 +00:00
digest.h
dsa.h Have doc.go parse struct comments. 2016-01-26 23:23:23 +00:00
dtls1.h
ec_key.h Update comments to better document in-place semantics. 2016-01-19 17:01:37 +00:00
ec.h Tweaks for node.js 2016-01-26 23:23:42 +00:00
ecdh.h Clean up |ECDH_compute_key|. 2015-10-27 17:00:25 +00:00
ecdsa.h Update comments to better document in-place semantics. 2016-01-19 17:01:37 +00:00
engine.h Unwind DH_METHOD and DSA_METHOD. 2015-11-03 22:54:36 +00:00
err.h Have doc.go parse struct comments. 2016-01-26 23:23:23 +00:00
evp.h Don't allow EVP_PKEY_RSA2. 2016-01-28 00:43:37 +00:00
ex_data.h Skip free callbacks on empty CRYPTO_EX_DATAs. 2015-12-15 21:32:14 +00:00
hkdf.h
hmac.h
lhash_macros.h
lhash.h Style: fix some header guards 2015-10-26 18:47:51 +00:00
md4.h Store the partial block as uint8_t, not uint32_t. 2015-12-16 19:59:29 +00:00
md5.h Store the partial block as uint8_t, not uint32_t. 2015-12-16 19:59:29 +00:00
mem.h Fix some documentation comments. 2016-01-21 22:12:08 +00:00
obj_mac.h Allocate a NID for X25519. 2015-12-22 18:56:53 +00:00
obj.h Fix up several comments and detect problems in the future. 2015-11-05 20:12:45 +00:00
objects.h
opensslfeatures.h
opensslv.h
ossl_typ.h Move public headers to include/openssl/ 2014-07-14 22:42:18 +00:00
pem.h Resolve a few old TODOs. 2015-12-22 00:14:35 +00:00
pkcs7.h
pkcs8.h
pkcs12.h
poly1305.h
pqueue.h
rand.h Add a few more no-op stubs for cURL compatibility. 2016-01-26 15:48:41 +00:00
rc4.h
rsa.h Update comments to better document in-place semantics. 2016-01-19 17:01:37 +00:00
safestack.h
sha.h Store the partial block as uint8_t, not uint32_t. 2015-12-16 19:59:29 +00:00
srtp.h Fold srtp.h into ssl.h. 2015-09-14 23:59:37 +00:00
ssl3.h Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER. 2015-12-15 19:14:00 +00:00
ssl.h Fix documentation string. 2016-01-27 22:20:32 +00:00
stack_macros.h Remove stack macros for nonexistent types. 2015-12-22 00:12:38 +00:00
stack.h Remove stack macros for nonexistent types. 2015-12-22 00:12:38 +00:00
thread.h
time_support.h Style: fix some header guards 2015-10-26 18:47:51 +00:00
tls1.h Update references to the extended master secret draft. 2016-02-02 16:37:55 +00:00
type_check.h
x509_vfy.h Import “altchains” support. 2016-01-19 17:02:31 +00:00
x509.h Resolve a few old TODOs. 2015-12-22 00:14:35 +00:00
x509v3.h