Deprecate DH harder #13138
Deprecate DH harder #13138
Conversation
|
Do we actually need non-deprecated replacement for SSL_set_tmp_dh now that the libssl should automatically choose right safe prime from the known good ones? I propose to not add such replacement. |
I believe there are many people who want to use their specific DH params, and would be broken by removing that capability. |
|
The reason they used specific DH params was mostly that the OpenSSL itself historically did not provide reasonable ones built in. But OK I suppose OpenSSL should still allow users to shoot themselves into their feet. |
Yes. |
|
No problems.. I am mainly asking because I am doing the EC deprecation currently - just making sure that was not deliberate. |
mattcaswell
changed the title
mattcaswell
force-pushed
the
deprecate-dh
branch
from
7b0709d
to
79e0211
Compare
|
I've rebased this to pick up #13136 and #13135 which have now been merged, so this PR is no longer dependent on them. There's also been numerous updates, including deprecating the remaining DH functions and a number of fixes that resulted. Fixed the "make update" strangeness. Still to do: documentation updates; more testing |
|
So I'm confused what you think "no-dh" means. To me it means we have no support for DH at all, and that the EVP functions return an error in case you try to use them with DH. |
It means there is no low-level DH implementation. It so happens that if you have no DH implementation then the EVP functions will return an error. Unless you happen to plug in a third party provider that does have DH support, in which case it will start to work. |
|
So that means that the SSL library always has DHE support, but
just fails to negiotate a cipher using it? Or does it detect that
DH is not provided, and then not announce it supports it/not
select that as cipher?
|
|
This PR no longer support reading parameters from stdin, master still support this. |
It should be the latter - it should properly detect whether DH is provided or not and not announce/negotiate it if it isn't. Anything else would be a bug. |
Most algorithms (e.g. symmetric ciphers and hashes), it detects up front and does not offer ciphersuites based on that if there is no support. It also detects key exchange algorithms up front and does not offer groups in the supported_groups extension that it cannot support (including DH groups). However, checking the code, it looks to me like it doesn't actually suppress DH ciphersuites if it doesn't have DH support. It should do. I'll raise an issue for that. |
Hmm. I just tried this on master and got this output: Trying the same thing on 1.1.1 works fine. So it looks to me like this is broken even in master. |
|
The difference between this PR and master, is that on master it
still waits for the data while this PR just directly returns an
error.
|
It still seems to fail at the same line in the OSSL_DECODER code though. I've raised an issue (#13185). |
d2i_DHparams and i2d_DHparam as well as the equivalent DHX functions are deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #13138)
EVP_PKEY_set1_DH is deprecated so there is no need to test it in a no-deprecated build. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #13138)
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #13138)
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #13138)
Extend the existing CHANGES.md entry with information about the additional functions that have also been deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #13138)
d2i_RSAPrivateKey.pod is the more generic page for these deprecated functions and provides advice and guidance on how to translate the old style functions into new ones. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #13138)
|
Pushed. Thanks. |
This is very much an early sight WIP PR. It depends on #13136 and #13135 - those commits are included here.
Still to be done: