git.ipfire.org Git - thirdparty/openssl.git/commit

]> git.ipfire.org Git - thirdparty/openssl.git/commit

projects / thirdparty / openssl.git / commit

author	Shane Lontis <shane.lontis@oracle.com>
	Mon, 29 Mar 2021 03:38:00 +0000 (13:38 +1000)
committer	Shane Lontis <shane.lontis@oracle.com>
	Wed, 31 Mar 2021 23:07:08 +0000 (09:07 +1000)
commit	e454a3934c287aede194cac49c8934f04bf6a04f
tree	c43916f0a50c5e2d1a9aa1caa00539c0629f1175	tree \| snapshot
parent	9e6f30e683fd0f243cf15d2bac2cdef2bcbbac12	commit \| diff

Add a range check (from SP800-56Ar3) to DH key derivation.

Fixes #14401

Note that this moves the public key check out of DH compute_key() since
key validation does not belong inside this primitive..
The check has been moved to the EVP_PKEY_derive_set_peer() function so that
it generally applies to all exchange operations.. Use EVP_PKEY_derive_set_peer_ex()
to disable this behaviour.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14717)

13 files changed:

CHANGES.md		diff \| blob \| blame \| history
crypto/dh/dh_err.c		diff \| blob \| blame \| history
crypto/dh/dh_key.c		diff \| blob \| blame \| history
crypto/err/openssl.txt		diff \| blob \| blame \| history
crypto/evp/exchange.c		diff \| blob \| blame \| history
doc/man3/EVP_PKEY_derive.pod		diff \| blob \| blame \| history
include/crypto/dh.h		diff \| blob \| blame \| history
include/crypto/dherr.h		diff \| blob \| blame \| history
include/openssl/dherr.h		diff \| blob \| blame \| history
include/openssl/evp.h		diff \| blob \| blame \| history
test/dhtest.c		diff \| blob \| blame \| history
test/evp_test.c		diff \| blob \| blame \| history
util/libcrypto.num		diff \| blob \| blame \| history

A mirror of the official openssl repository

RSS Atom