git.openssl.org Git - openssl.git/commit

author	Tomas Mraz <tomas@openssl.org>
	Mon, 6 Jun 2022 08:22:00 +0000 (10:22 +0200)
committer	Hugo Landau <hlandau@openssl.org>
	Mon, 18 Jul 2022 07:06:17 +0000 (08:06 +0100)
commit	ddb13b283be84d771deba1e964610b1670641f03
tree	bb021170034f9fcbafbbfd8e46a48b7884aa3d9d	tree \| snapshot
parent	358103b4a651ab3f392f088d86cd30469dccce2e	commit \| diff

Use as small dh key size as possible to support the security

Longer private key sizes unnecessarily raise the cycles needed to
compute the shared secret without any increase of the real security.

We use minimum key sizes as defined in RFC7919.

For arbitrary parameters we cannot know whether they are safe
primes (we could test but that would be too inefficient) we have
to keep generating large keys.

However we now set a small dh->length when we are generating safe prime
parameters because we know it is safe to use small keys with them.

That means users need to regenerate the parameters if they
want to take the performance advantage of small private key.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)

CHANGES.md		diff \| blob \| history
crypto/dh/dh_gen.c		diff \| blob \| history
crypto/dh/dh_group_params.c		diff \| blob \| history
crypto/ffc/ffc_backend.c		diff \| blob \| history
crypto/ffc/ffc_dh.c		diff \| blob \| history
crypto/ffc/ffc_key_generate.c		diff \| blob \| history
include/internal/ffc.h		diff \| blob \| history
test/ffc_internal_test.c		diff \| blob \| history