Deprecate low level Diffie Hellman functions. by paulidale · Pull Request #11024 · openssl/openssl

paulidale · 2020-02-06T07:01:27Z

documentation is added or updated
tests are added or updated

paulidale · 2020-02-06T07:03:29Z

This is extremely early. Accepting the suite of deprecated functions is the first step.

The command line commit is a clone of the one in DSA: deprecate the low level functions. #10977 and will be removed once that is merged.
Documentation isn't updated.
The conversions in ssl3_lib.c have problems.
Tests are failing.

paulidale · 2020-02-12T03:18:10Z

Bringing this out of WIP. There are two outstanding functions: DH_new_by_nid and DH_check_params which should be deprecated but are used by TLS with no immediately obvious replacement.

Travis failures do not appear to be relevant.

levitte · 2020-02-12T09:21:36Z

Travis failures not relevant here

levitte · 2020-02-12T09:23:34Z

The corresponding thing for DH_check_params would be the key validation stuff, right?

levitte · 2020-02-12T09:29:09Z

DH_new_by_nid() is a constructor, just like DH_new(), even though very special case. I suggest not to deprecate it now.

ssl/s3_lib.c

paulidale · 2020-02-12T09:44:32Z

Yes, DH_check_params would be some kind of key validation. I tried creating an EVP_PKEY_CTX and calling some of the check functions but none worked.

Happy to leave DH_new_by_nid non-deprecated (it isn't currently). I guess NIDs will work for a while yet. There will need to be some refactoring to avoid NIDs internally.

levitte · 2020-02-12T09:51:18Z

There will need to be some refactoring to avoid NIDs internally.

Yes, agreed. I guess that we can work on that when EC stuff has transferred over to providers

levitte · 2020-02-16T06:21:52Z

Yes, DH_check_params would be some kind of key validation. I tried creating an EVP_PKEY_CTX and calling some of the check functions but none worked.

That's because there currently is no validation code added in the KEYMGMT implementations for DSA and DH.

levitte · 2020-02-16T06:26:27Z

Travis and Appveyor are a bit unhappy...

test/build.info

paulidale · 2020-02-16T07:33:45Z

That's because there currently is no validation code added in the KEYMGMT implementations for DSA and DH.

As I remembered after getting stuck into it.

paulidale · 2020-02-18T21:46:35Z

Travis isn't relevant, ping for review.

Use of the low level DH functions has been informally discouraged for a long time. We now formally deprecate them.

paulidale · 2020-02-20T09:22:02Z

Rebased and conflicts merged -- no code changes just infrastructure.
I'll wait for the CIs before merging.

paulidale · 2020-02-20T09:58:26Z

Merged to master. Thanks for the feedback and assistance.

Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #11024)

Use of the low level DH functions has been informally discouraged for a long time. We now formally deprecate them. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #11024)

paulidale added the branch: master Applies to master branch label Feb 6, 2020

paulidale force-pushed the dep-dh branch 3 times, most recently from 29e9586 to d6c9e86 Compare February 12, 2020 03:01

paulidale changed the title ~~WIP: Deprecate low level Diffie Hellman functions.~~ Deprecate low level Diffie Hellman functions. Feb 12, 2020

paulidale added the approval: review pending This pull request needs review by a committer label Feb 12, 2020

paulidale marked this pull request as ready for review February 12, 2020 03:18

levitte reviewed Feb 12, 2020

View reviewed changes

ssl/s3_lib.c Outdated Show resolved Hide resolved

paulidale force-pushed the dep-dh branch from 644b4e5 to 98a01df Compare February 16, 2020 03:18

levitte requested changes Feb 16, 2020

View reviewed changes

test/build.info Outdated Show resolved Hide resolved

test/build.info Outdated Show resolved Hide resolved

paulidale force-pushed the dep-dh branch 3 times, most recently from d79a252 to 19ec26a Compare February 16, 2020 07:31

paulidale force-pushed the dep-dh branch 2 times, most recently from 5b4b4c8 to a028270 Compare February 18, 2020 12:44

levitte approved these changes Feb 19, 2020

View reviewed changes

paulidale added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Feb 19, 2020

DH: fix header file indentation

254b0eb

paulidale added 2 commits February 20, 2020 19:01

DH: add CHANGES entry listing the deprecated DH functions.

16265e2

Deprecate the low level Diffie-Hellman functions.

8ec7654

Use of the low level DH functions has been informally discouraged for a long time. We now formally deprecate them.

paulidale force-pushed the dep-dh branch from a028270 to 8ec7654 Compare February 20, 2020 09:05

paulidale closed this Feb 20, 2020

openssl-machine pushed a commit that referenced this pull request Feb 20, 2020

DH: fix header file indentation

2c64df6

Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #11024)

openssl-machine pushed a commit that referenced this pull request Feb 20, 2020

DH: add CHANGES entry listing the deprecated DH functions.

0ad05b1

Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #11024)

paulidale deleted the dep-dh branch February 20, 2020 09:58

Uh oh!

Conversation

paulidale commented Feb 6, 2020

Uh oh!

paulidale commented Feb 6, 2020

Uh oh!

paulidale commented Feb 12, 2020

Uh oh!

levitte commented Feb 12, 2020

Uh oh!

levitte commented Feb 12, 2020

Uh oh!

levitte commented Feb 12, 2020

Uh oh!

Uh oh!

paulidale commented Feb 12, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

levitte commented Feb 12, 2020

Uh oh!

levitte commented Feb 16, 2020

Uh oh!

levitte commented Feb 16, 2020

Uh oh!

Uh oh!

Uh oh!

paulidale commented Feb 16, 2020

Uh oh!

paulidale commented Feb 18, 2020

Uh oh!

paulidale commented Feb 20, 2020

Uh oh!

paulidale commented Feb 20, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

paulidale commented Feb 12, 2020 •

edited

Loading