[openssl-dev] [openssl.org #4278] DH_CHECK_PUBKEY_INVALID should be 0x4, not 0x3
David Benjamin via RT
rt at openssl.org
Thu Jan 28 19:19:33 UTC 2016
The recently-added DH_CHECK_PUBKEY_INVALID was set to 0x3, but
DH_CHECK_PUBKEY_* values are flags, so it should be 0x4 to avoid colliding
with DH_CHECK_PUBKEY_TOO_SMALL (0x01) and DH_CHECK_PUBKEY_TOO_LARGE (0x02).
See DH_check_pub_key's *ret |= logic.
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b128abc3437600c3143cb2145185ab87ba3156a2
(Also, that code is missing malloc failure checks on BN_set_word,
BN_sub_word, and BN_copy. Though I could believe the first two don't
actually end up calling malloc; I didn't check.)
David
More information about the openssl-dev
mailing list