git.ipfire.org Git - thirdparty/openssl.git/commit
Fix DH/DHX named groups to not overwrite the private key length.
author Shane Lontis <shane.lontis@oracle.com>
Thu, 10 Jun 2021 08:14:03 +0000 (18:14 +1000)
committer Shane Lontis <shane.lontis@oracle.com>
Sun, 13 Jun 2021 23:21:12 +0000 (09:21 +1000)
commit 1c49be8673713d2ceb03a63be03531d9b28a46bd
tree 03de6cf281166362041a4966ee5b6ebfdbb48b08
parent 243af566e41e33e4ce2d3afa3e6a7383e20da737

The only reason(s) the DH private key length should be set are:
(1) The user sets it during key generation via EVP_PKEY_CTX_set_params
    using OSSL_PKEY_PARAM_DH_PRIV_LEN.
(2) When loading a PKCS3 (DH) key the optional value
    'privateValueLength' is set.

Now that the named groups contain a value for 'q' there is no reason to
automatically overwrite the private key length.

Issue detected by @davidmakepeace

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15695)
crypto/dh/dh_group_params.c
test/dhtest.c