On May 4 14:19:08 2006 UTC, while fixing a security issue, djm@

provided the new public function DH_check_pub_key(3) in <openssl/dh.h>. Sorry for being a bit tardy in documenting the new function. Then again, OpenSSL doesn't document it either, yet. While here, drop a HISTORY entry about a constant that was renamed in OpenSSL 0.9.5. That's no longer relevant.
author: schwarze <> 2022-07-13 13:47:59 +0000
committer: schwarze <> 2022-07-13 13:47:59 +0000
commit: 804492125a13d020c0c64031999be4726f3f5e7f (patch)
tree: 5af1ca096e0824596121391d40b69263c3d14166 /src
parent: d9188a8b0fbacddf3ebd84a4543221902dca1ede (diff)
download: openbsd-804492125a13d020c0c64031999be4726f3f5e7f.tar.gz
openbsd-804492125a13d020c0c64031999be4726f3f5e7f.tar.bz2
openbsd-804492125a13d020c0c64031999be4726f3f5e7f.zip
1 files changed, 64 insertions, 11 deletions
diff --git a/src/lib/libcrypto/man/DH_generate_parameters.3 b/src/lib/libcrypto/man/DH_generate_parameters.3
index accdf116f5..ac29521ec4 100644
--- a/src/lib/libcrypto/man/DH_generate_parameters.3
+++ b/src/lib/libcrypto/man/DH_generate_parameters.3
@@ -1,7 +1,26 @@
-.\"     $OpenBSD: DH_generate_parameters.3,v 1.13 2019/06/10 14:58:48 schwarze Exp $
+.\" $OpenBSD: DH_generate_parameters.3,v 1.14 2022/07/13 13:47:59 schwarze Exp $
-.\"     OpenSSL 05ea606a May 20 20:52:46 2016 -0400
+.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
+.\" selective merge up to: OpenSSL b0edda11 Mar 20 13:00:17 2018 +0000
 .\"
-.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2022 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Ulf Moeller <ulf@openssl.org>
+.\" and Matt Caswell <matt@openssl.org>.
 .\" Copyright (c) 2000, 2016 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -48,12 +67,13 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 10 2019 $
+.Dd $Mdocdate: July 13 2022 $
 .Dt DH_GENERATE_PARAMETERS 3
 .Os
 .Sh NAME
 .Nm DH_generate_parameters_ex ,
 .Nm DH_check ,
+.Nm DH_check_pub_key ,
 .Nm DH_generate_parameters
 .Nd generate and check Diffie-Hellman parameters
 .Sh SYNOPSIS
@@ -70,6 +90,12 @@
 .Fa "DH *dh"
 .Fa "int *codes"
 .Fc
+.Ft int
+.Fo DH_check_pub_key
+.Fa "const DH *dh"
+.Fa "const BIGNUM *pub_key"
+.Fa "int *codes"
+.Fc
 .Pp
 Deprecated:
 .Pp
@@ -130,11 +156,39 @@ The generator
 .Fa dh->g
 is not suitable.
 .El
+.Pp
+.Fn DH_check_pub_key
+checks whether
+.Fa pub_key
+is a valid public key when using the domain parameters contained in
+.Fa dh .
+If no problems are found,
+.Pf * Ar codes
+is set to zero.
+Otherwise, one or more of the following bits are set:
+.Bl -tag -width Ds
+.It Dv DH_CHECK_PUBKEY_TOO_SMALL
+.Fa pub_key
+is less than or equal to 1.
+.It Dv DH_CHECK_PUBKEY_TOO_LARGE
+.Fa pub_key
+is greater than or equal to
+.Fa dh->p No \- 1 .
+.It DH_CHECK_PUBKEY_INVALID
+.Fa dh->q
+is set but
+.Fa pub_key
+to the power of
+.Fa dh->q
+is not 1 modulo
+.Fa dh->p .
+.El
 .Sh RETURN VALUES
-.Fn DH_generate_parameters_ex
+.Fn DH_generate_parameters_ex ,
+.Fn DH_check ,
 and
-.Fn DH_check
+.Fn DH_check_pub_key
-return 1 if the check could be performed, or 0 otherwise.
+return 1 if the check could be performed or 0 otherwise.
 .Pp
 .Fn DH_generate_parameters
 (deprecated) returns a pointer to the
@@ -161,10 +215,9 @@ argument to
 .Fn DH_generate_parameters
 was added in SSLeay 0.9.0.
 .Pp
-In versions before OpenSSL 0.9.5,
+.Fn DH_check_pub_key
-.Dv DH_CHECK_P_NOT_STRONG_PRIME
+first appeared in OpenSSL 0.9.8a and has been available since
-is used instead of
+.Ox 4.0 .
-.Dv DH_CHECK_P_NOT_SAFE_PRIME .
 .Pp
 .Fn DH_generate_parameters_ex
 first appeared in OpenSSL 0.9.8 and has been available since
author	schwarze <>	2022-07-13 13:47:59 +0000
committer	schwarze <>	2022-07-13 13:47:59 +0000
commit	804492125a13d020c0c64031999be4726f3f5e7f (patch)
tree	5af1ca096e0824596121391d40b69263c3d14166 /src
parent	d9188a8b0fbacddf3ebd84a4543221902dca1ede (diff)
download	openbsd-804492125a13d020c0c64031999be4726f3f5e7f.tar.gz openbsd-804492125a13d020c0c64031999be4726f3f5e7f.tar.bz2 openbsd-804492125a13d020c0c64031999be4726f3f5e7f.zip

diff --git a/src/lib/libcrypto/man/DH_generate_parameters.3 b/src/lib/libcrypto/man/DH_generate_parameters.3 index accdf116f5..ac29521ec4 100644 --- a/src/lib/libcrypto/man/DH_generate_parameters.3 +++ b/src/lib/libcrypto/man/DH_generate_parameters.3
@@ -1,7 +1,26 @@
1	.\" $OpenBSD: DH_generate_parameters.3,v 1.13 2019/06/10 14:58:48 schwarze Exp $	1	.\" $OpenBSD: DH_generate_parameters.3,v 1.14 2022/07/13 13:47:59 schwarze Exp $
2	.\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400	2	.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
		3	.\" selective merge up to: OpenSSL b0edda11 Mar 20 13:00:17 2018 +0000
3	.\"	4	.\"
4	.\" This file was written by Ulf Moeller <ulf@openssl.org>.	5	.\" This file is a derived work.
		6	.\" The changes are covered by the following Copyright and license:
		7	.\"
		8	.\" Copyright (c) 2022 Ingo Schwarze <schwarze@openbsd.org>
		9	.\"
		10	.\" Permission to use, copy, modify, and distribute this software for any
		11	.\" purpose with or without fee is hereby granted, provided that the above
		12	.\" copyright notice and this permission notice appear in all copies.
		13	.\"
		14	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		15	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		16	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		17	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		18	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		19	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		20	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		21	.\"
		22	.\" The original file was written by Ulf Moeller <ulf@openssl.org>
		23	.\" and Matt Caswell <matt@openssl.org>.
5	.\" Copyright (c) 2000, 2016 The OpenSSL Project. All rights reserved.	24	.\" Copyright (c) 2000, 2016 The OpenSSL Project. All rights reserved.
6	.\"	25	.\"
7	.\" Redistribution and use in source and binary forms, with or without	26	.\" Redistribution and use in source and binary forms, with or without
@@ -48,12 +67,13 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	67	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	68	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	69	.\"
51	.Dd $Mdocdate: June 10 2019 $	70	.Dd $Mdocdate: July 13 2022 $
52	.Dt DH_GENERATE_PARAMETERS 3	71	.Dt DH_GENERATE_PARAMETERS 3
53	.Os	72	.Os
54	.Sh NAME	73	.Sh NAME
55	.Nm DH_generate_parameters_ex ,	74	.Nm DH_generate_parameters_ex ,
56	.Nm DH_check ,	75	.Nm DH_check ,
		76	.Nm DH_check_pub_key ,
57	.Nm DH_generate_parameters	77	.Nm DH_generate_parameters
58	.Nd generate and check Diffie-Hellman parameters	78	.Nd generate and check Diffie-Hellman parameters
59	.Sh SYNOPSIS	79	.Sh SYNOPSIS
@@ -70,6 +90,12 @@
70	.Fa "DH *dh"	90	.Fa "DH *dh"
71	.Fa "int *codes"	91	.Fa "int *codes"
72	.Fc	92	.Fc
		93	.Ft int
		94	.Fo DH_check_pub_key
		95	.Fa "const DH *dh"
		96	.Fa "const BIGNUM *pub_key"
		97	.Fa "int *codes"
		98	.Fc
73	.Pp	99	.Pp
74	Deprecated:	100	Deprecated:
75	.Pp	101	.Pp
@@ -130,11 +156,39 @@ The generator
130	.Fa dh->g	156	.Fa dh->g
131	is not suitable.	157	is not suitable.
132	.El	158	.El
		159	.Pp
		160	.Fn DH_check_pub_key
		161	checks whether
		162	.Fa pub_key
		163	is a valid public key when using the domain parameters contained in
		164	.Fa dh .
		165	If no problems are found,
		166	.Pf * Ar codes
		167	is set to zero.
		168	Otherwise, one or more of the following bits are set:
		169	.Bl -tag -width Ds
		170	.It Dv DH_CHECK_PUBKEY_TOO_SMALL
		171	.Fa pub_key
		172	is less than or equal to 1.
		173	.It Dv DH_CHECK_PUBKEY_TOO_LARGE
		174	.Fa pub_key
		175	is greater than or equal to
		176	.Fa dh->p No \- 1 .
		177	.It DH_CHECK_PUBKEY_INVALID
		178	.Fa dh->q
		179	is set but
		180	.Fa pub_key
		181	to the power of
		182	.Fa dh->q
		183	is not 1 modulo
		184	.Fa dh->p .
		185	.El
133	.Sh RETURN VALUES	186	.Sh RETURN VALUES
134	.Fn DH_generate_parameters_ex	187	.Fn DH_generate_parameters_ex ,
		188	.Fn DH_check ,
135	and	189	and
136	.Fn DH_check	190	.Fn DH_check_pub_key
137	return 1 if the check could be performed, or 0 otherwise.	191	return 1 if the check could be performed or 0 otherwise.
138	.Pp	192	.Pp
139	.Fn DH_generate_parameters	193	.Fn DH_generate_parameters
140	(deprecated) returns a pointer to the	194	(deprecated) returns a pointer to the
@@ -161,10 +215,9 @@ argument to
161	.Fn DH_generate_parameters	215	.Fn DH_generate_parameters
162	was added in SSLeay 0.9.0.	216	was added in SSLeay 0.9.0.
163	.Pp	217	.Pp
164	In versions before OpenSSL 0.9.5,	218	.Fn DH_check_pub_key
165	.Dv DH_CHECK_P_NOT_STRONG_PRIME	219	first appeared in OpenSSL 0.9.8a and has been available since
166	is used instead of	220	.Ox 4.0 .
167	.Dv DH_CHECK_P_NOT_SAFE_PRIME .
168	.Pp	221	.Pp
169	.Fn DH_generate_parameters_ex	222	.Fn DH_generate_parameters_ex
170	first appeared in OpenSSL 0.9.8 and has been available since	223	first appeared in OpenSSL 0.9.8 and has been available since