diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-09-09 09:59:54 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-09-09 13:58:03 +0200 |
commit | 1f9dc86b557dd259b636882836885d8e6714735e (patch) | |
tree | 3dec63052947cdde532395d915b47e2fb0ee541a /CHANGES | |
parent | 288241b6bf1ba4f07e06e83bbfdaf06f521d598b (diff) |
Change DH_generate_parameters back to order 2q subgroup
For for G=2 and 5 DH_generate_parameters will continue to generate
the order 2q subgroup for compatibility with previous versions.
For G=3 DH_generate_parameters generates an order q subgroup, but it
will not pass the check in DH_check with previous OpenSSL versions.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9820)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -50,8 +50,8 @@ (CVE-2019-1552) [Richard Levitte] - *) Changed DH parameters to generate the order q subgroup instead of 2q. - Previously generated DH parameters are still accepted by DH_check + *) Changed DH_check to accept parameters with order q and 2q subgroups. + With order 2q subgroups the bit 0 of the private key is not secret but DH_generate_key works around that by clearing bit 0 of the private key for those. This avoids leaking bit 0 of the private key. [Bernd Edlinger] |