]> git.ipfire.org Git - thirdparty/openssl.git/commit - include/openssl/dh.h
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2198b3a) | patch
Better check of DH parameters in TLS data
authorRichard Levitte <levitte@openssl.org>
Fri, 30 Dec 2016 20:57:28 +0000 (21:57 +0100)
committerMatt Caswell <matt@openssl.org>
Thu, 26 Jan 2017 10:54:01 +0000 (10:54 +0000)
commit2650515394537ad30110f322e56d3afe710d0886
tree8d8a0d93d4c54446d7a01748dbd87d7ea72c2688tree | snapshot
parent2198b3a55de681e1f3c23edb0586afe13f438051commit | diff
Better check of DH parameters in TLS data

When the client reads DH parameters from the TLS stream, we only
checked that they all are non-zero.  This change updates the check to
use DH_check_params()

DH_check_params() is a new function for light weight checking of the p
and g parameters:

    check that p is odd
    check that 1 < g < p - 1

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
crypto/dh/dh_check.c diff | blob | blame | history
include/openssl/dh.h diff | blob | blame | history
ssl/statem/statem_clnt.c diff | blob | blame | history
util/libcrypto.num diff | blob | blame | history
A mirror of the official openssl repository