[openssl] master update
Matt Caswell
matt at openssl.org
Tue Feb 16 10:27:35 UTC 2021
The branch master has been updated
via c9e955dd50f30f46555ff837b0bbae63433cef40 (commit)
from 62829f9f26bf248f29be9604870bbe46f946927a (commit)
- Log -----------------------------------------------------------------
commit c9e955dd50f30f46555ff837b0bbae63433cef40
Author: Tomas Mraz <tomas at openssl.org>
Date: Mon Feb 15 15:26:14 2021 +0100
Do not match RFC 5114 groups without q as it is significant
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14189)
-----------------------------------------------------------------------
Summary of changes:
crypto/ffc/ffc_dh.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/crypto/ffc/ffc_dh.c b/crypto/ffc/ffc_dh.c
index 313466b0ea..948c61d988 100644
--- a/crypto/ffc/ffc_dh.c
+++ b/crypto/ffc/ffc_dh.c
@@ -110,7 +110,9 @@ const DH_NAMED_GROUP *ossl_ffc_numbers_to_dh_named_group(const BIGNUM *p,
if (BN_cmp(p, dh_named_groups[i].p) == 0
&& BN_cmp(g, dh_named_groups[i].g) == 0
/* Verify q is correct if it exists */
- && (q == NULL || BN_cmp(q, dh_named_groups[i].q) == 0))
+ && ((q != NULL && BN_cmp(q, dh_named_groups[i].q) == 0)
+ /* Do not match RFC 5114 groups without q */
+ || (q == NULL && dh_named_groups[i].uid > 3)))
return &dh_named_groups[i];
}
return NULL;
More information about the openssl-commits
mailing list