Add a range check (from SP800-56Ar3) to DH key derivation.

Fixes #14401 Note that this moves the public key check out of DH compute_key() since key validation does not belong inside this primitive.. The check has been moved to the EVP_PKEY_derive_set_peer() function so that it generally applies to all exchange operations.. Use EVP_PKEY_derive_set_peer_ex() to disable this behaviour. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14717)
author: Shane Lontis <shane.lontis@oracle.com> 2021-03-29 13:38:00 +1000
committer: Shane Lontis <shane.lontis@oracle.com> 2021-04-01 09:07:08 +1000
commit: e454a3934c287aede194cac49c8934f04bf6a04f (patch)
tree: c43916f0a50c5e2d1a9aa1caa00539c0629f1175 /CHANGES.md
parent: 9e6f30e683fd0f243cf15d2bac2cdef2bcbbac12 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 10c471ab1b..54fc6855f0 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,14 @@ OpenSSL 3.0
 
 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
 
+ * A public key check is now performed during EVP_PKEY_derive_set_peer().
+   Previously DH was internally doing this during EVP_PKEY_derive().
+   To disable this check use EVP_PKEY_derive_set_peer_ex(dh, peer, 0). This
+   may mean that an error can occur in EVP_PKEY_derive_set_peer() rather than
+   during EVP_PKEY_derive().
+
+   *Shane Lontis*
+
  * The EVP_PKEY_public_check() and EVP_PKEY_param_check() functions now work for
    more key types including RSA, DSA, ED25519, X25519, ED448 and X448.
    Previously (in 1.1.1) they would return -2. For key types that do not have
author	Shane Lontis <shane.lontis@oracle.com>	2021-03-29 13:38:00 +1000
committer	Shane Lontis <shane.lontis@oracle.com>	2021-04-01 09:07:08 +1000
commit	e454a3934c287aede194cac49c8934f04bf6a04f (patch)
tree	c43916f0a50c5e2d1a9aa1caa00539c0629f1175 /CHANGES.md
parent	9e6f30e683fd0f243cf15d2bac2cdef2bcbbac12 (diff)